IBM Qradar

Course Content

Introduction to IBM QRadar

Purposes of QRadar SIEM

00:00
QRadar SIEM and the IBM Security Framework

00:00
Identifying suspected attacks and policy breaches

00:00
Providing context

00:00
Key QRadar SIEM capabilities

00:00
QRadar SIEM Console

00:00

How QRadar SIEM collects security data

Using the QRadar SIEM dashboard

Navigating the Dashboard tab

00:00
Dashboard overview

00:00
Default dashboard

00:00
QRadar SIEM tabs

00:00
Other menu options

00:00
Context-sensitive help

00:00
Dashboard refresh

00:00
Dashboard variety

00:00
Creating a custom dashboard

00:00
Managing dashboard items

00:00

Investigating an offense that is triggered by events

Introduction to offenses

00:00
Creating and rating offenses

00:00
Instructor demonstration of offense parameters

00:00
Selecting an offense to investigate

00:00
Offense Summary window

00:00
Offense parameters

00:00
Top 5 Source IPs

00:00
Top 5 Destination IPs

00:00
Top 5 Log Sources

00:00
Top 5 Users

00:00
Top 5 Categories

00:00
Last 10 Events

00:00
Last 10 Flows

00:00
Annotations

00:00
Offense Summary toolbar

00:00
Lesson 4 Acting on an offense

00:00
Offense actions

00:00
Offense status and flags

00:00

Investigating the events of an offense

Navigating to the events

00:00
List of events

00:00
Event details: Base information

00:00
Event details: Reviewing the raw event

00:00
Event details: Additional details

00:00
Returning to the list of events

00:00
Filtering events

00:00
Applying a Quick Filter to the payload

00:00
Using another filter option

00:00
Grouping events

00:00
Grouping events by low-level category

00:00
Removing grouping criteria

00:00
Viewing a range of events

00:00
Monitoring the scanning host

00:00
Saving search criteria

00:00
Event list using the saved search

00:00
About Quick Searches

00:00
Using alternative methods to create and edit searches

00:00
Finding and loading a saved search

00:00
Search actions

00:00
Adding a saved search as a dashboard item

00:00
Saving a search as a dashboard item

00:00
Enabling time-series data

00:00
Selecting the time range

00:00
Displaying 24 hours in a dashboard item

00:00
Modifying items in the chart type table

00:00

Using asset profiles to investigate offenses

Investigating an offense that is triggered by flows

About flows

00:00
Network Activity tab

00:00
Grouping flows

00:00
Finding an offense

00:00
Offense parameters

00:00
Top 5 Source and Destination IPs

00:00
Top 5 Log Sources

00:00
Top 5 Categories

00:00
Last 10 Events

00:00
Last 10 Flows

00:00
Annotations

00:00
Base information

00:00
Source and destination information

00:00
Layer 7 payload

00:00
Additional information

00:00
Creating a false positive flow or event

00:00
Tuning a false positive flow or event

00:00

Using rules and building blocks

About rules and building blocks

00:00
About rules

00:00
About building blocks and functions

00:00
Navigating to rules

00:00
Finding the rules that fired for an event or flow

00:00
Finding the rules that triggered an offense

00:00
Rule Wizard demonstration

00:00
Rule Wizard

00:00
Rule actions

00:00
Rule response

00:00

Creating QRadar SIEM reports

Reporting introduction

00:00
Reporting demonstration

00:00
Reports tab

00:00
Finding a report

00:00
Running a report

00:00
Selecting the generated report

00:00
Viewing a report

00:00
Reporting demonstration

00:00
Creating a new report template

00:00
Choosing a schedule

00:00
Choosing a layout

00:00
Defining report contents

00:00
Configuring the upper chart

00:00
Configuring the lower chart

00:00
Verifying the layout preview

00:00
Choosing a format

00:00
Distributing the report

00:00
Adding a description and assigning the group

00:00
Verifying the report summary

00:00
Viewing the generated report

00:00
Best practices when creating reports

00:00

Performing advanced filtering

Filtering demonstration

00:00
Flows to external destinations

00:00
Remote to Remote flows

00:00
Scanning activity

00:00
Applications not running on the correct port

00:00
Data loss

00:00
Flows to suspect Internet addresses

00:00
Filtering on custom rules and building blocks

00:00
Grouping by custom rules

00:00
Charts on Log and Network Activity tabs: Grouping

00:00
Capturing time-series data

00:00
Viewing time series charts: Zooming to focus

00:00

Student Ratings & Reviews

No Review Yet

Free

SecureTrust DLP

15 Lessons 0 Enrolled

Free

Splunk ESM

12 Lessons 0 Enrolled

Free

DataDog

11 Lessons 0 Enrolled

What Will You Learn?

Course Content

Introduction to IBM QRadar

Purposes of QRadar SIEM

QRadar SIEM and the IBM Security Framework

Identifying suspected attacks and policy breaches

Providing context

Key QRadar SIEM capabilities

QRadar SIEM Console

How QRadar SIEM collects security data

Normalizing log messages to event

Event collection and processing

Flow collection and processing

Reporting

Asset profiles

Active scanners

QRadar Vulnerability Manager scanner

Gathering asset information

Using the QRadar SIEM dashboard

Navigating the Dashboard tab

Dashboard overview

Default dashboard

QRadar SIEM tabs

Other menu options

Context-sensitive help

Dashboard refresh

Dashboard variety

Creating a custom dashboard

Managing dashboard items

Investigating an offense that is triggered by events

Introduction to offenses

Creating and rating offenses

Instructor demonstration of offense parameters

Selecting an offense to investigate

Offense Summary window

Offense parameters

Top 5 Source IPs

Top 5 Destination IPs

Top 5 Log Sources

Top 5 Users

Top 5 Categories

Last 10 Events

Last 10 Flows

Annotations

Offense Summary toolbar

Lesson 4 Acting on an offense

Offense actions

Offense status and flags

Investigating the events of an offense

Navigating to the events

List of events

Event details: Base information

Event details: Reviewing the raw event

Event details: Additional details

Returning to the list of events

Filtering events

Applying a Quick Filter to the payload

Using another filter option

Grouping events

Grouping events by low-level category

Removing grouping criteria

Viewing a range of events

Monitoring the scanning host

Saving search criteria

Event list using the saved search

About Quick Searches

Using alternative methods to create and edit searches

Finding and loading a saved search

Search actions

Adding a saved search as a dashboard item

Saving a search as a dashboard item

Enabling time-series data

Selecting the time range

Displaying 24 hours in a dashboard item

Modifying items in the chart type table

Using asset profiles to investigate offenses

Using asset profiles to investigate offenses

Creating asset profiles

Navigating from an offense to an asset