What Will You Learn?
- In this course you learn to navigate the QRadar SIEM user interface and investigate offenses. You learn to search and analyze the events, flows and asset data from which QRadar SIEM concludes that activity is suspicious.
- Hands-on exercises reinforce the skills learned.
Course Content
Introduction to IBM QRadar
- Purposes of QRadar SIEM
- QRadar SIEM and the IBM Security Framework
- Identifying suspected attacks and policy breaches
- Providing context
- Key QRadar SIEM capabilities
- QRadar SIEM Console
How QRadar SIEM collects security data
- Normalizing log messages to events
- Event collection and processing
- Flow collection and processing
- Reporting
- Asset profiles
- Active scanners
- QRadar Vulnerability Manager scanner
- Gathering asset information
Using the QRadar SIEM dashboard
- Navigating the Dashboard tab
- Dashboard overview
- Default dashboard
- QRadar SIEM tabs
- Other menu options
- Context-sensitive help
- Dashboard refresh
- Dashboard variety
- Creating a custom dashboard
- Managing dashboard items
Investigating an offense that is triggered by events
- Introduction to offenses
- Creating and rating offenses
- Instructor demonstration of offense parameters
- Selecting an offense to investigate
- Offense Summary window
- Offense parameters
- Top 5 Source IPs
- Top 5 Destination IPs
- Top 5 Log Sources
- Top 5 Users
- Top 5 Categories
- Last 10 Events
- Last 10 Flows
- Annotations
- Offense Summary toolbar
- Acting on an offense
- Offense actions
- Offense status and flags
Investigating the events of an offense
- Navigating to the events
- List of events
- Event details: Base information
- Event details: Reviewing the raw event
- Event details: Additional details
- Returning to the list of events
- Filtering events
- Applying a Quick Filter to the payload
- Using another filter option
- Grouping events
- Grouping events by low-level category
- Removing grouping criteria
- Viewing a range of events
- Monitoring the scanning host
- Saving search criteria
- Event list using the saved search
- About Quick Searches
- Using alternative methods to create and edit searches
- Finding and loading a saved search
- Search actions
- Adding a saved search as a dashboard item
- Saving a search as a dashboard item
- Enabling time-series data
- Selecting the time range
- Displaying 24 hours in a dashboard item
- Modifying items in the chart type table
Using asset profiles to investigate offenses
- Creating asset profiles
- Navigating from an offense to an asset
- Assets tab
- Asset summary
- Vulnerabilities
Investigating an offense that is triggered by flows
- About flows
- Network Activity tab
- Grouping flows
- Finding an offense
- Offense parameters
- Top 5 Source and Destination IPs
- Top 5 Log Sources
- Top 5 Categories
- Last 10 Events
- Last 10 Flows
- Annotations
- Base information
- Source and destination information
- Layer 7 payload
- Additional information
- Creating a false positive flow or event
- Tuning a false positive flow or event
Using rules and building blocks
- About rules and building blocks
- About rules
- About building blocks and functions
- Navigating to rules
- Finding the rules that fired for an event or flow
- Finding the rules that triggered an offense
- Rule Wizard demonstration
- Rule Wizard
- Rule actions
- Rule response
Creating QRadar SIEM reports
- Reporting introduction
- Reporting demonstration
- Reports tab
- Finding a report
- Running a report
- Selecting the generated report
- Viewing a report
- Reporting demonstration
- Creating a new report template
- Choosing a schedule
- Choosing a layout
- Defining report contents
- Configuring the upper chart
- Configuring the lower chart
- Verifying the layout preview
- Choosing a format
- Distributing the report
- Adding a description and assigning the group
- Verifying the report summary
- Viewing the generated report
- Best practices when creating reports
Performing advanced filtering
- Filtering demonstration
- Flows to external destinations
- Remote to Remote flows
- Scanning activity
- Applications not running on the correct port
- Data loss
- Flows to suspect Internet addresses
- Filtering on custom rules and building blocks
- Grouping by custom rules
- Charts on Log and Network Activity tabs: Grouping
- Capturing time-series data
- Viewing time series charts: Zooming to focus
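The "Using rules and building blocks" unit and the flow filtering cases in this unit (flows to external destinations, Remote to Remote flows, scanning activity, applications not running on the correct port, flows to suspect Internet addresses) fit together: building blocks are reusable tests, and rules combine them and respond, typically by contributing to an offense. The following is an added example written for this page, not QRadar's rule engine or IBM course material. It models that relationship in Python over a batch of flow records. The local network ranges, the expected-port table, the suspect-address set, the scan threshold, the rule names and the flow records are all constructed for the example.

```python
"""Simplified building-block/rule model over network flows. Illustrative
only: the ranges, tables, thresholds and flows below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Assumption: stands in for the local network hierarchy an administrator
# configures; any address outside these ranges is treated as remote.
LOCAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Assumption: port each recognized application is expected to use.
EXPECTED_PORT: Dict[str, int] = {"SSH": 22, "HTTP": 80, "HTTPS": 443, "DNS": 53}
# Assumption: a constructed reference set standing in for a threat list.
SUSPECT_ADDRESSES: Set[str] = {"198.51.100.4"}
SCAN_THRESHOLD = 5  # distinct destination ports from one source to one host


@dataclass(frozen=True)
class Flow:
    source_ip: str
    destination_ip: str
    destination_port: int
    application: str   # what payload inspection identified, e.g. "SSH"


def is_local(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETWORKS)


# Building blocks: named, reusable tests on a single flow.
def bb_local_to_remote(f: Flow) -> bool:
    return is_local(f.source_ip) and not is_local(f.destination_ip)


def bb_remote_to_remote(f: Flow) -> bool:
    return not is_local(f.source_ip) and not is_local(f.destination_ip)


def bb_app_on_wrong_port(f: Flow) -> bool:
    expected = EXPECTED_PORT.get(f.application)
    return expected is not None and f.destination_port != expected


def bb_to_suspect_address(f: Flow) -> bool:
    return f.destination_ip in SUSPECT_ADDRESSES


# Rules combine building blocks; the "response" here is an offense record.
RULES = {
    "Local to external SSH on non-standard port":
        lambda f: bb_local_to_remote(f) and bb_app_on_wrong_port(f) and f.application == "SSH",
    "Remote to Remote flow seen by collector": bb_remote_to_remote,
    "Flow to suspect Internet address": bb_to_suspect_address,
}


def rule_scanning(flows: List[Flow]) -> Set[Tuple[str, str]]:
    """A rule that needs more than one flow: count distinct destination ports
    per (source, destination) pair and flag pairs at or above the threshold."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.source_ip, f.destination_ip)].add(f.destination_port)
    return {pair for pair, p in ports.items() if len(p) >= SCAN_THRESHOLD}


def evaluate(flows: List[Flow]) -> List[Tuple[str, str, str]]:
    """Return (rule name, source, destination) for every rule that fired."""
    offenses = []
    for f in flows:
        for name, test in RULES.items():
            if test(f):
                offenses.append((name, f.source_ip, f.destination_ip))
    for src, dst in sorted(rule_scanning(flows)):
        offenses.append(("Scanning activity", src, dst))
    return offenses


# Constructed flow records (not real captures).
FLOWS = [
    Flow("10.0.0.7", "10.0.0.20", 443, "HTTPS"),          # normal internal traffic
    Flow("10.0.0.9", "198.51.100.4", 8443, "SSH"),        # SSH leaving on a web port
    Flow("203.0.113.5", "198.51.100.4", 80, "HTTP"),      # neither side is local
] + [Flow("203.0.113.5", "10.0.0.20", p, "unknown") for p in (21, 22, 23, 25, 80, 443)]

if __name__ == "__main__":
    for name, src, dst in evaluate(FLOWS):
        print(f"{name}: {src} -> {dst}")
```

Grouping the output by rule name is what the "Grouping by custom rules" lesson does in the Network Activity tab: the same flow can satisfy several rules (the outbound SSH flow both uses the wrong port and reaches a suspect address), and the scanning rule fires on the pair of hosts rather than on any one flow.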