IBM Security QRadar SIEM Administration and Advanced Topics

  • QRadar SIEM administrators
  • Personnel managing deployments
  • Security administrators
  • Security technical architects
  • Offense managers
  • Professional services using QRadar SIEM

Prerequisite

  • Basic knowledge of the purpose and use of a security intelligence platform
  • Familiarity with the Linux command line interface and PuTTY
  • Familiarity with custom rules
  • Familiarity with the Ariel database and its purpose in QRadar SIEM
  • IT infrastructure
  • IT security fundamentals
  • Microsoft Windows
  • TCP/IP networking
  • Log files and events
  • Network flows

Expected Duration
3 day

Description

In this course, you will learn how to minimize the time gap between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. The next level of this course focuses on attacks and policy violations. These vulnerabilities leave their footprints in log events and network flows of your IT systems. To connect the dots, QRadar SIEM correlates these scattered events and flows into offenses that alert you to suspicious activities.

This course covers system configuration, data source configuration, and remote networks and services configuration. You will be able to configure processing of uncommon events, work with reference data, and develop custom rules using the skills taught in this course.

Objective

  1. Auto Update
  2. Backup and Recovery
  3. Index and Aggregated Data Management
  4. Network Hierarchy
  5. System Management
  6. License Management
  7. Deployment Actions
  8. High-Availability Management
  9. System Health and Master Console
  10. System Settings and Asset Profiler Configuration
  11. Custom Offense Close Reasons
  12. Store and Forward
  13. Reference Set Management
  14. Centralized Credentials
  15. Forwarding Destinations
  16. Routing Rules
  17. Domain Management
  18. Users, User Roles, and Security Profiles
  19. Authentication
  20. Authorized Services
  21. Backup and Recovery
  22. Custom Asset Properties
  23. Log Sources
  24. Log Source Groups
  25. Log Source Extensions
  26. Log Source Parsing Ordering
  27. Custom Properties
  28. Event and Flow Retention
  29. Flow Sources
  30. Flow Sources Aliases
  31. VA Scanners
  32. Remote Networks and Services

SUBSCRIPTION COST


$2,495.00

Select Course Options

 

NEED HELP OR NOT SURE?