Modern IBM QRadar 7.5 SIEM Administration

Focused View

Daniel Koifman

7:55:47

141 View

1. Introduction And Installation

1. A quick word from me to you.mp4

01:43

2. Introduction And About the instructor.mp4

01:52

3. Quick note about external resources - Important!.html

4. Introduction to SIEM.mp4

07:57

5.1 QRadar Architecture - Deep Dive.pdf

5.2 QRadar Architecture - General.pdf

5. Introduction to QRadar.mp4

06:35

6.1 ISO Download Link.html

6. Installing QRadar.mp4

07:04

7.1 Wincollect Download Link.html

7.2 Wincollect IBM documentation.html

7. Ingesting events from a Windows machine.mp4

06:16

8.1 Sending PfSense Logs to QRadar.html

8. Ingesting events from PfSense firewall.mp4

02:44

2. QRadar overview

1. User Interface.mp4

04:50

2. Log Activity basic searching.mp4

06:47

3.1 QRadar Core Services.html

3. QRadar Services.mp4

10:22

3. Rules

1. Requirements for upcoming application installations.mp4

01:57

2.1 Everything you need to know about QRadar Rules.html

2.2 Investigating QRadar rules and building blocks.html

2.3 QRadar building blocks.html

2.4 Use Case Manager.html

2. Use Case Manager, Rules and Building Blocks.mp4

28:52

3. Using AQL inside rules.mp4

09:33

4.1 Troubleshooting rules.html

4. Troubleshooting rules.mp4

05:41

5.1 Optimizing Rules.html

5. Optimizing rules.mp4

06:55

6.1 Troubleshooting Custom Rule performance.html

6. Identifying expensive rules.mp4

08:47

7.1 SIGMA Rules Github.html

7. Practical Example #1 - SIGMA rules.mp4

31:15

8. Practical Example #2 - Firewall rules.mp4

07:55

4. Working with Reference Data

1.1 Creating reference data collections by using the command line.html

1.2 Reference data query examples.html

1.3 Types of reference data collections.html

1. Different types of Reference Data.mp4

09:52

2. Using Reference Data with the default user interface.mp4

03:20

3. Integrating Reference Data and Rules.mp4

11:27

4. Advice on dealing with massive amounts of Reference Data.mp4

03:16

5. QRadar Administration - System Configuration

1.1 Managed hosts.html

1. Managed hosts.mp4

05:02

2.1 Defining your network hierarchy.html

2. Network hierarchy.mp4

07:32

3.1 Automatic updates.html

3.2 Configuring automatic update settings.html

3.3 Important auto update server changes for administrators.html

3. Automatic updates.mp4

04:08

4.1 About event retention buckets.html

4. Event retention.mp4

05:28

5.1 Backup QRadar configurations and data.html

5. Backup and recovery.mp4

03:07

6.1 Configuring event and flow custom email notifications.html

6. Custom offense Email templates.mp4

05:59

6. QRadar Administration - Performance Optimization

1.1 Configuring the retention period for payload indexes.html

1.2 Enabling indexes.html

1.3 Enabling payload indexing to optimize search times.html

1. Index management.mp4

04:04

2.1 Resource restrictions in distributed environments.html

2.2 Restrictions to prevent resource-intensive searches.html

2. Configuring resource restrictions.mp4

08:01

3.1 Configuring routing rules to forward data.html

3.2 Routing options for rules.html

3. Routing Rules.mp4

06:19

7. QRadar Administration - Data Source Configuration

1.1 How to use Microsoft Event Viewer to create an XPath Query.html

1.2 XPath Query Troubleshooting.html

1. XPath queries.mp4

07:33

2.1 Adding a log source to receive events.html

2.2 Protocol configuration options.html

2.3 Testing log sources.html

2. Log source management.mp4

06:12

3.1 How does coalescing work in QRadar.html

3. Event coalescing.mp4

03:39

4.1 Log source groups.html

4. Log source groups.mp4

04:32

5.1 Exporting events.html

5. Exporting event data.mp4

04:40

6.1 DSM Editor overview.html

6. Custom log source types (DSM) Event Mappings.mp4

13:17

7.1 QRadar AQL Custom Properties.html

7. Custom AQL Properties.mp4

05:46

8.1 Creating a custom property.html

8.2 Custom event and flow properties.html

8.3 Defining custom properties by using custom property expressions.html

8.4 Modifying or deleting a custom property.html

8. Custom event properties.mp4

08:47

8. QRadar Administration - Accuracy Tuning

1.1 Configuring a MaxMind account for geographic data updates.html

1. Configuring MaxMind GeoIP.mp4

05:44

2.1 Configuring a MaxMind account for geographic data updates.html

2. Verifying GeoIP Changes.mp4

01:26

3.1 Enabling the X-Force Threat Intelligence feed.html

3.2 IBM X-Force Exchange plug-in for QRadar.html

3.3 IBM X-Force integration.html

3. Configuring X-Force Integration.mp4

05:06

9. QRadar Administration - User Management

1.1 User accounts.html

1. Managing users.mp4

02:25

2.1 User roles.html

2. User roles.mp4

01:51

3.1 Security profiles.html

3. Security profiles.mp4

05:32

4.1 User authentication.html

4. Managing user authentication And authorization.mp4

03:30

10. QRadar Administration - Reporting, Searching And Offense Management

1.1 Report management.html

1. Managing reports.mp4

11:00

2.1 AQL Query structure.html

2.2 AQL search string examples.html

2.3 Ariel Query Language.html

2.4 Converting a saved search to an AQL string.html

2.5 Querying with dynamic search.html

2.6 Sample AQL queries.html

2. Utilizing different search types.mp4

05:43

3.1 How QRadar Offense Renaming works.html

3.2 Offense management.html

3. Managing offenses.mp4

06:54

4.1 Sharing Dashboard Items.html

4.2 Sharing report groups.html

4. Sharing content among users.mp4

02:38

11. QRadar Administration - Tenants and Domains

1.1 Guidelines for defining your network hierarchy.html

1.2 Network hierarchy updates in a multitenant deployment.html

1. Differentiating between network hierarchy and domain definition.mp4

04:47

2.1 Domain segmentation.html

2.2 Domains and log sources in multitenant environments.html

2.3 QRadar Multi-tenancy, Domains and Log Source Groups.html

2. Managing domains and tenants.mp4

07:20

3.1 Monitoring license usage in multitenant deployments.html

3. Monitoring license usage.mp4

04:28

4.1 Security profiles.html

4.2 User roles.html

4. Assigning users to tenants.mp4

01:25

12. QRadar Administration - Troubleshooting

1.1 QRadar system notifications.html

1. Responding to and dealing with system notifications.mp4

04:55

2. Troubleshooting common issues.html

3.1 How to use Recon to troubleshoot QRadar applications.html

3. Troubleshooting applications.mp4

08:26

4.1 Using ThreadTop to determine QRadar process load.html

4. Troubleshoot service performance.mp4

02:47

13. Working with the QRadar Console

1. Connecting to the Console.mp4

01:50

2. QRadar filesystem.html

3. Running AQL inside the Console.mp4

03:40

4.1 Core services and the impact of restarting services.html

4. Troubleshooting services.mp4

05:14

5. Troubleshooting events rate and connectivity.mp4

04:30

6.1 Full Deployment Failed.html

6. Performing a manual deploy.mp4

03:19

7.1 Reverting to certificates that are generated by the QRadar local CA.html

7. Reverting SSL certificate to locally signed.mp4

04:05

8. Deleting a rule directly from the console.mp4

03:35

9. Useful Console commands list.html

14. Working with the API

1.1 Python utility functions for QRadar.html

1.2 QRadar API endpoint documentation and supported versions.html

1. QRadar API basics.mp4

04:51

2.1 QRadar API Example.html

2. Example - Python script with QRadar API.mp4

07:56

15. Practical Use Cases for NewExisting Deployments

1. Alerting on non-reporting log sources.mp4

03:39

2. Alerting on non-reporting domains.mp4

05:33

3. Alerting on disabled custom properties.mp4

05:54

4. Alerting on disk usage exceeded warningmaximum threshold.mp4

02:49

5. Alerting on events dropped.mp4

02:49

6. DSM Failed to load data error.mp4

03:33

7.1 monitor eps and log sources (1).zip

7. Creating useful dashboards with Pulse.mp4

10:43

8.1 App Link.html

8. Working with Threat Intelligence.mp4

11:54

9.1 App Link.html

9. Working with QRadar Deployment Intelligence.mp4

06:23

10. Mandatory steps after upgrading Console CPU.mp4

03:31

11.1 Truncated Logs.html

11. Logs are being truncated split.mp4

03:13

12. Section Notes.html

13. Notes about updating applications.html

16. Course End - Congratulations!

1. End Notes.mp4

01:43

Description

Understand modern best practices that will make you a better SIEM administrator

What You'll Learn?

Administer IBM's QRadar SIEM
Create rules and detections based on different telemetry sources
Troubleshoot various technical issues
Understand QRadar core services and functions

Who is this for?

SOC Analysts who work with QRadar

Detection Engineers

SIEM Engineers

QRadar Administrators

What You Need to Know?

Recommended basic knowledge of Computers, Networking, and Cyber Security.

More details

Description
Hello everyone!
My name is Daniel Koifman, a recognized IBMÂ Subject MatterÂ Expert for QRadar, CASP+ Certified.
In this course, I will be showing you all of the most important subjects you need to know in order to be a skilled QRadar administrator, in addition to various real-world scenarios and best practices.
The course is divided into the following 15 sections:
Introduction &Â Â Installation
QRadar overview
Rules
Working with Reference Data
QRadar Administration - System Configuration
QRadar Administration - Performance Optimization
QRadar Administration - Data Source Configuration
QRadar Administration - Accuracy Tuning
QRadar Administration - User Management
QRadar Administration - Reporting, Searching & Offense Management
QRadar Administration - Tenants and Domains
QRadar Administration - Troubleshooting
Working with the QRadar Console
Working with the API
Practical Use Cases for New/Existing Deployments

Each section was carefully designed based on all of my experience working as a Senior Threat Detection engineer for fortune-500 and for MSSPs. This is the ONLY course with a detailed, in-depth practical use cases section, which will show you common problems that administrators are facing throughout the world. IÂ developed this section based on my endless hours of trial &Â error and independent research, so IÂ hope all of you can learn very useful things in the course, regardless of skill level!
Who this course is for:
SOC Analysts who work with QRadar
Detection Engineers
SIEM Engineers
QRadar Administrators

User Reviews

Rating

average 0

Total votes0

Focused display

BPM Business Process Management

Daniel Koifman

Instructor's Courses

Verified IBM QRadar Subject Matter Expert with experience working at a fortune-500 bank as a Senior Threat Detection Engineer.I am skilled in various areas of cybersecurity, defensive and offensive security, threat hunting/detection engineering, SIEM/SOC (QRadar, Splunk, Sentinel), SIGMA/YARA Rules and Python.Won 3rd place @ Splunk Boss of the SOC V8 EMEA Israel event.Comptia CASP+ certified.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.