Overview

IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses.

This 2-day BQ203G: IBM QRadar SIEM Advanced Topics course walks you through various advanced QRadar topics, such as custom log sources, reference data collections and custom rules, X-Force data and the Threat Intelligence app, UBA and QRadar Advisor, tuning, and custom action scripts.

The course also discusses integration with IBM SOAR. Hands-on exercises reinforce the skills learned.

Skills Covered

  • Create custom log sources to utilize events from uncommon sources
  • Create, maintain, and use reference data collections
  • Develop and manage custom rules to detect unusual activity in your network
  • Develop and manage custom action scripts for automated rule response
  • Develop and manage anomaly detection rules to detect when unusual network traffic patterns occur

Who Should Attend

  • Security administrators
  • Security technical architects
  • Offense managers
  • Professional services using QRadar SIEM
  • QRadar SIEM administrators

Course Curriculum

Prerequisites

  • IT infrastructure
  • IT security fundamentals
  • Linux
  • Microsoft Windows
  • TCP/IP networking
  • Log files and events
  • Network flows

You should also have completed the IBM QRadar SIEM Foundations course.

Training Options

Intake: Available Upon Request
Duration: 2 Days
Guaranteed: TBC
Modality: VILT
Price: RM6,780.00