IBM QRadar SIEM - A Step-by-Step BootCamp
Hatem Metwally
12:49:06
Description
Tackle cyber threats in real time by using powerful, scalable, and efficient SIEM security software.
What You'll Learn?
- Security Information and Event Management
- SIEM
- IBM QRadar SIEM
- Hands-on
- Use Cases
Do you want to enter the SIEM field? Do you want to learn one of the leading SIEM technologies?
Do you want to understand the concepts and gain hands-on experience with IBM QRadar SIEM?
Then this course is designed for you. Through baby steps you will learn IBM QRadar SIEM.
Important topics that you will learn about in this course include, but are not limited to, the following:
- QRadar architecture
- QRadar components
- All-In-One installation
- Console GUI demystified, QRadar Services and Replay Events & Flows
- Offense, Event, Flow investigation
- Describe the use of the magnitude of an offense
- Offense management (retention, chaining, protection)
- Identify events not correctly parsed and their source
- Customized searches
- Log Integration and DSM Development
- Rules and Building Block Design
- AQL queries
- Custom properties
- WinCollect
- X-Force App Exchange, Content Packs and Pulse Installation and Troubleshooting
- QRadar Assistant App
- Install QRadar Content Packs using the QRadar Assistant App
- Reference Data Types and Management
- Analyze Building Blocks: Host definition, category definition, Port definition
- Tuning building blocks and Tuning Methodology
- Use Case Manager app, MITRE threat groups and actors
- Dashboarding and Reporting
- Clean SIM Model
- Attack Simulation and Sysmon Process Profiling
- Rule Routing options, Rule Routing combination options and License Giveback
- Backup and restore
- Ingesting QRadar offenses into FortiSOAR
- Custom Integration with FortiGate Firewall to Block User's PC from Accessing the Internet
- Postman - An API Call Development Methodology
Who this course is for:
- Network Security Specialists & Administrators
- SOC Operators & Analysts
- Information Security Specialists
Udemy
- Language: English
- Training sessions: 14
- Duration: 12:49:06
- Release date: 2023/03/30