Incident Investigation with IBM Security QRadar

Focused View

Ricardo Reimao

1:44:45

52 View

Exercise Files

ibm-security-qradar-incident-investigation.zip

Module 1 - Course Overview

1. Course Overview.mp4

01:19

Module 2 - The Incident Response Process

1. The Incident Responder Role.mp4

05:12

2. The Incident Response Process.mp4

05:19

3. Incident Notes and Timeline.mp4

03:57

4. Working with SOAR Platforms.mp4

03:07

Module 3 - Incident 1 - The Compromised AWS Cloud

1. Understanding the Incident.mp4

01:37

2. Initial Case Review.mp4

08:48

3. Determining the Attack Scope.mp4

04:59

4. Investigation.mp4

14:09

5. Searching for Indicators of Compromise (IoCs).mp4

02:07

6. Reviewing the Investigation.mp4

04:29

7. Containment, Eradication, and Recovery.mp4

04:16

8. Post-incident Analysis.mp4

04:44

Module 4 - Incident 2 - The Botnet

1. Understanding the Incident.mp4

02:20

2. Initial Case Review.mp4

07:36

3. Network Indicators of Compromise.mp4

02:24

4. QRadar Network Insights (QNI).mp4

02:26

5. Investigation.mp4

09:09

6. Searching for Indicators of Compromise.mp4

02:56

7. Review of the Investigation.mp4

04:42

8. Containment, Eradication, Recovery, and Post-incident.mp4

04:22

9. Course Closure.mp4

04:47

Description

The incident response team is responsible for investigating offenses, determining the impact of incidents, and creating eradication/remediation plans. This course will teach you how to respond to cyber incidents using the IBM Security QRadar SIEM.

What You'll Learn?

The IBM Security QRadar is a complete SIEM solution that helps you to detect threats and investigate incidents. In this course, Incident Investigation with IBM Security QRadar, you’ll learn how to respond to cybersecurity incidents using the QRadar SIEM solution. First, you’ll explore the overall incident response process and the QRadar investigation best practices. Next, you’ll discover through our demos how to find indicators of compromise and investigate the main incident types using the SIEM. Finally, you’ll learn how to define a proper containment, eradication, and recovery plan. When you’re finished with this course, you’ll have the skills and knowledge of QRadar needed to respond to cyber incidents.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Cyber Security

Ricardo Reimao

Instructor's Courses

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.