Learn Security Incidents and Event Management with QRadar (Foundation) Course

Download Course Contents

Security Incidents and Event Management with QRadar (Foundation) Course Overview

The Security Incidents and Event Management with QRadar (Foundation) course provides a fundamental introduction to the IBM QRadar Security Intelligence Platform, the company’s premier security logging and analytics tool. The course examines the key components of QRadar including Log Activity and Network Activity. The overall structure of the system and the integration process with third-party solutions are also covered.
The course begins with an overview of the system components and architecture, while delving further into the overall data and log activity. Concepts such as log formats and sources, along with management and retention policies are discussed in detail. Other topics include the QRadar SOC, rules, event correlation and analytics, as well as reports and dashboards. At the end of the course, students will be able to use the platform to search, investigate and analyze security-related incidents.

This is a Rare Course and it can be take up to 3 weeks to arrange the training.


The 1-on-1 Advantage

Get 1-on-1 session with our expert trainers at a date & time of your convenience.

Flexible Dates

Start your session at a date of your choice-weekend & evening slots included, and reschedule if necessary.

4-Hour Sessions

Training never been so convenient- attend training sessions 4-hour long for easy learning.

Destination Training

Attend trainings at some of the most loved cities such as Dubai, London, Delhi(India), Goa, Singapore, New York and Sydney.

You will learn:

Module 1: Introduction to IBM Security QRadar SIEM
  • Purposes of QRadar SIEM
  • QRadar SIEM and the IBM Security Framework
  • Identifying suspected attacks and policy breaches
  • Providing context
  • Key QRadar SIEM capabilities
  • QRadar SIEM Console
  • Normalizing log messages to events
  • Event collection and processing
  • Flow collection and processing
  • Reporting
  • Asset profiles
  • Active scanners
  • QRadar Vulnerability Manager scanner
  • Gathering asset information
  • Navigating the Dashboard tab
  • Dashboard overview
  • Default dashboard
  • QRadar SIEM tabs
  • Other menu options
  • Context-sensitive help
  • Dashboard refresh
  • Dashboard variety
  • Creating a custom dashboard
  • Managing dashboard items
  • Introduction to offenses
  • Creating and rating offenses
  • Instructor demonstration of offense parameters
  • Selecting an offense to investigate
  • Offense Summary window
  • Offense parameters
  • Top 5 Source IPs
  • Top 5 Destination IPs
  • Top 5 Log Sources
  • Top 5 Users
  • Top 5 Categories
  • Last 10 Events
  • Last 10 Flows
  • Annotations
  • Offense Summary toolbar
  • Lesson 4 Acting on an offense
  • Offense actions
  • Offense status and flags
  • Navigating to the events
  • List of events
  • Event details: Base information
  • Event details: Reviewing the raw event
  • Event details: Additional details
  • Returning to the list of events
  • Filtering events
  • Applying a Quick Filter to the payload
  • Using another filter option
  • Grouping events
  • Grouping events by low-level category
  • Removing grouping criteria
  • Viewing a range of events
  • Monitoring the scanning host
  • Saving search criteria
  • Event list using the saved search
  • About Quick Searches
  • Using alternative methods to create and edit searches
  • Finding and loading a saved search
  • Search actions
  • Adding a saved search as a dashboard item
  • Saving a search as a dashboard item
  • Enabling time-series data
  • Selecting the time range
  • Displaying 24 hours in a dashboard item
  • Modifying items in the chart type table
  • About asset profiles
  • Creating asset profiles
  • Navigating from an offense to an asset
  • Assets tab
  • Asset summary
  • Vulnerabilities
  • About flows
  • Network Activity tab
  • Grouping flows
  • Finding an offense
  • Offense parameters
  • Top 5 Source and Destination IPs
  • Top 5 Log Sources
  • Top 5 Categories
  • Last 10 Events
  • Last 10 Flows
  • Annotations
  • Base information
  • Source and destination information
  • Layer 7 payload
  • Additional information
  • Creating a false positive flow or event
  • Tuning a false positive flow or event
  • About rules and building blocks
  • About rules
  • About building blocks and functions
  • Navigating to rules
  • Finding the rules that fired for an event or flow
  • Finding the rules that triggered an offense
  • Rule Wizard demonstration
  • Rule Wizard
  • Rule actions
  • Rule response
  • Reporting introduction
  • Reporting demonstration
  • Reports tab
  • Finding a report
  • Running a report
  • Selecting the generated report
  • Viewing a report
  • Reporting demonstration
  • Creating a new report template
  • Choosing a schedule
  • Choosing a layout
  • Defining report contents
  • Configuring the upper chart
  • Configuring the lower chart
  • Verifying the layout preview
  • Choosing a format
  • Distributing the report
  • Adding a description and assigning the group
  • Verifying the report summary
  • Viewing the generated report
  • Best practices when creating reports
  • Filtering demonstration
  • Flows to external destinations
  • Remote to Remote flows
  • Scanning activity
  • Applications not running on the correct port
  • Data loss
  • Flows to suspect Internet addresses
  • Filtering on custom rules and building blocks
  • Grouping by custom rules
  • Charts on Log and Network Activity tabs: Grouping
  • Charts on Log and Network Activity tabs: Time range
  • Capturing time-series data
  • Viewing time series charts: Zooming to focus
Live Online Training (Duration : 16 Hours) 1350 + If you accept merging of other students. Per Participant & excluding VAT/GST
We Offer :
  • 1-on-1 Public - Select your own start date. Other students can be merged.
  • 1-on-1 Private - Select your own start date. You will be the only student in the class.

4 Hours
8 Hours
Week Days

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Group Training
Date On Request
Course Prerequisites

This course is designed for anyone working with accurate and secure data. There are no prerequisites for this course, however, some prior knowledge and experience of incident response, event management, network and system security concepts, and security compliance is beneficial. Additionally, a basic understanding of IBM QRadar and some basic Linux/Unix command-line experience also help.

Target Audience

The target audience for Security Incidents and Event Management with QRadar (Foundation) training is security professionals, IT staff, and system administrators with basic knowledge of networking and security concepts
The training is suitable for individuals managing security operations and monitoring security incidents
It also provides an introduction to log management, analytics, and risk management
Persons with a technical background including system architects, system engineers, security architects, compliance managers, security analysts, and technical support staff can also benefit from this training
The course will also be beneficial for individuals looking for the IBM Certified Associate - Security QRadar Practice Exam

Learning Objectives of Security Incidents and Event Management with QRadar (Foundation)

The Security Incidents and Event Management with QRadar (Foundation) Training will provide learners with the ability to identify, prioritize and respond to security threats on their networks. Participants will learn how to use QRadar to monitor activity, identify threats and respond to cyber-attacks. They will gain awareness of the functions, features and components of QRadar to operate an SIEM solution. This course will also teach them to design and develop queries, rule creation and modify QRadar preferences. Participants will also master the usage of custom reporting, visualizations and dashboards for analyzing events. By the end of this course, learners will be able to achieve compliance and perform forensic analysis.
Student Name Feedback
Jonathan Wagner
United States
A1. He has been very calm and friendly!


Yes, course requiring practical include hands-on labs.
Yes, you can pay from the course page and flexi page.
To receive an acknowledgment of your online payment, you should have a valid email address. At the point when you enter your name, Visa, and other data, you have the option of entering your email address. Would it be a good idea for you to decide to enter your email address, confirmation of your payment will be emailed to you.
You will receive the letter of course attendance post training completion via learning enhancement tool after registration.
1-on-1 Public - Select your start date. Other students can be merged.
1-on-1 Private - Select your start date. You will be the only student in the class.
Yes, we do offer corporate training More details
Yes, we do.
Yes, we also offer weekend classes.
Yes, Koenig follows a BYOL(Bring Your Own Laptop) policy.
You can buy online from the page by clicking on "Buy Now". You can view alternate payment method on payment options page.
After you submit your payment, you will land on the payment confirmation screen.It contains your payment confirmation message. You will likewise get a confirmation email after your transaction is submitted.
You can pay through debit/credit card or bank wire transfer.
Yes you can request your customer experience manager for the same.
We do accept all major credit cards from Visa, Mastercard, American Express, and Discover.
Credit card transactions normally take 48 hours to settle. Approval is given right away; however,it takes 48 hours for the money to be moved.
Yes, we do accept partial payments, you may use one payment method for part of the transaction and another payment method for other parts of the transaction.
Yes, if we have an office in your city.
Yes, the site is secure by utilizing Secure Sockets Layer (SSL) Technology. SSL technology enables the encryption of sensitive information during online transactions. We use the highest assurance SSL/TLS certificate, which ensures that no unauthorized person can get to your sensitive payment data over the web.
We use the best standards in Internet security. Any data retained is not shared with third parties.
You can request a refund if you do not wish to enroll in the course.
Yes you can.
Yes, we do. For details go to flexi
It is recommended but not mandatory. Being acquainted with the basic course material will enable you and the trainer to move at a desired pace during classes.You can access courseware for most vendors.
Yes, this is our official email address which we use if a recipient is not able to receive emails from our @koenig-solutions.com email address.
Buy-Now. Pay-Later option is available using credit card in USA and India only.

Prices & Payments

Yes of course.
Yes, We are

Travel and Visa

Yes we do after your registration for course.

Food and Beverages



Says our CEO-
“It is an interesting story and dates back half a century. My father started a manufacturing business in India in the 1960's for import substitute electromechanical components such as microswitches. German and Japanese goods were held in high esteem so he named his company Essen Deinki (Essen is a well known industrial town in Germany and Deinki is Japanese for electric company). His products were very good quality and the fact that they sounded German and Japanese also helped. He did quite well. In 1970s he branched out into electronic products and again looked for a German name. This time he chose Koenig, and Koenig Electronics was born. In 1990s after graduating from college I was looking for a name for my company and Koenig Solutions sounded just right. Initially we had marketed under the brand of Digital Equipment Corporation but DEC went out of business and we switched to the Koenig name. Koenig is difficult to pronounce and marketeers said it is not a good choice for a B2C brand. But it has proven lucky for us.” – Says Rohit Aggarwal (Founder and CEO - Koenig Solutions)
All our trainers are fluent in English . Majority of our customers are from outside India and our trainers speak in a neutral accent which is easily understandable by students from all nationalities. Our money back guarantee also stands for accent of the trainer.
Medical services in India are at par with the world and are a fraction of costs in Europe and USA. A number of our students have scheduled cosmetic, dental and ocular procedures during their stay in India. We can provide advice about this, on request.
Yes, if you send 4 participants, we can offer an exclusive training for them which can be started from Any Date™ suitable for you.