BQ103G www.globalknowledge.ae [email protected] 00 971 4 446 4987
IBM QRadar SIEM Foundations
Duration: 3 Days Course Code: BQ103G
Overview:
IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities. QRadar SIEM classifies suspected attacks and policy violations as offenses.
In this 3-day instructor-led course, you learn how to perform the following tasks:
Describe how QRadar SIEM collects data to detect suspicious activities
Describe the QRadar SIEM component architecture and data flows
Navigate the user interface
Investigate suspected attacks and policy breaches
Search, filter, group, and analyze security data
Investigate the vulnerabilities and services of assets
Use network hierarchies
Locate custom rules and inspect actions and responses of rules
Analyze offenses created by QRadar SIEM
Use index management
Navigate and customize the QRadar SIEM dashboard
Use QRadar SIEM to create customized reports
Use charts and filters
Use AQL for advanced searches
Analyze a real world scenario
Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:
Using the QRadar SIEM user interface
Investigating an Offense triggered by events
Investigating the events of an offense
Investigating an offense that is triggered by flows
Using rules
Using the Network Hierarchy
Index and Aggregated Data Management
Using the QRadar SIEM dashboard
Creating QRadar SIEM reports
Using AQL for advanced searches
Analyze a real-world large-scale attack
The lab environment for this course uses the IBM QRadar SIEM 7.3 platform.
Target Audience:
This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.
Objectives:
After completing this course, you should be able to perform the following tasks:
Describe how QRadar SIEM collects data to detect suspicious activities
Describe the QRadar SIEM component architecture and data flows
Navigate the user interface
Investigate suspected attacks and policy violations
Search, filter, group, and analyze security data
Investigate events and flows
Investigate asset profiles
Describe the purpose of the network hierarchy
Determine how rules test incoming data and create offenses
Use index and aggregated data management
Navigate and customize dashboards and dashboard items
Create customized reports
Use filters
Use AQL for advanced searches
Analyze a real world scenario
Prerequisites:
Before taking this course, make sure that you have the following skills:
IT infrastructure
IT security fundamentals
Linux
Windows
TCP/IP networking
Syslog
Content:
Further Information:
For more information, or to book your course, please call us on 00 971 4 446 4987
www.globalknowledge.ae
Global Knowledge, Dubai Knowledge Village, Block 2A, First Floor, Office F68, Dubai, UAE