Overview
IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses.
This 2-day BQ203G: IBM QRadar SIEM Advanced Topics course walks you through advanced QRadar topics, including custom log sources, reference data collections and custom rules, X-Force data and the Threat Intelligence app, UBA and QRadar Advisor, tuning, and custom action scripts.
The course also discusses integration with IBM SOAR. Hands-on exercises reinforce the skills learned.
Skills Covered
- Create custom log sources to utilize events from uncommon sources
- Create, maintain, and use reference data collections
- Develop and manage custom rules to detect unusual activity in your network
- Develop and manage custom action scripts for automated rule response
- Develop and manage anomaly detection rules to detect when unusual network traffic patterns occur
Who Should Attend
- Security administrators
- Security technical architects
- Offense managers
- Professional services using QRadar SIEM
- QRadar SIEM administrators
Course Curriculum
Prerequisites
- IT infrastructure
- IT security fundamentals
- Linux
- Microsoft Windows
- TCP/IP networking
- Log files and events
- Network flows
You should also have completed the IBM QRadar SIEM Foundations course.
Course Modules
Exam & Certification
This course is not associated with any Certification.