Open Source/Security Incidents and Event Management with QRadar (Foundation)

Download Course Contents

Security Incidents and Event Management with QRadar (Foundation) Course Overview

QRadar SIEM offers deep insight into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected alleged attacks and policy breaches are highlighted as offenses. In this course, one learns to traverse the user interface and investigate offenses. Participants are trained to search and analyze the information from which QRadar SIEM concludes a suspicious activity. Hands-on exercises reinforce the skills learned.

Audience: The course is meant for:

  • Security Analysts
  • Security Technical Architects
  • Offense Managers
  • Network Administrators
  • System Administrators

This is a Rare Course and it can be take up to 3 weeks to arrange the training.

  • 1. Do you have limited Window for training?
  • 2. Can you only spend 4-hours per day?
  • 3. Do you want to start training immediately?
  • If your answer is yes to any one of the above, you need 1-on-1- Training
The 1-on-1 Advantage
Flexible Dates
4-Hour Sessions
  • View video
  • The course will be free if we are not able to start within 7 days of booking.
  • Only applicable for courses on which this logo appears.

Your will learn:

Module 1: Introduction to IBM Security QRadar SIEM
  • Purposes of QRadar SIEM
  • QRadar SIEM and the IBM Security Framework
  • Identifying suspected attacks and policy breaches
  • Providing context
  • Key QRadar SIEM capabilities
  • QRadar SIEM Console
  • Normalizing log messages to events
  • Event collection and processing
  • Flow collection and processing
  • Reporting
  • Asset profiles
  • Active scanners
  • QRadar Vulnerability Manager scanner
  • Gathering asset information
  • Navigating the Dashboard tab
  • Dashboard overview
  • Default dashboard
  • QRadar SIEM tabs
  • Other menu options
  • Context-sensitive help
  • Dashboard refresh
  • Dashboard variety
  • Creating a custom dashboard
  • Managing dashboard items
  • Introduction to offenses
  • Creating and rating offenses
  • Instructor demonstration of offense parameters
  • Selecting an offense to investigate
  • Offense Summary window
  • Offense parameters
  • Top 5 Source IPs
  • Top 5 Destination IPs
  • Top 5 Log Sources
  • Top 5 Users
  • Top 5 Categories
  • Last 10 Events
  • Last 10 Flows
  • Annotations
  • Offense Summary toolbar
  • Lesson 4 Acting on an offense
  • Offense actions
  • Offense status and flags
  • Navigating to the events
  • List of events
  • Event details: Base information
  • Event details: Reviewing the raw event
  • Event details: Additional details
  • Returning to the list of events
  • Filtering events
  • Applying a Quick Filter to the payload
  • Using another filter option
  • Grouping events
  • Grouping events by low-level category
  • Removing grouping criteria
  • Viewing a range of events
  • Monitoring the scanning host
  • Saving search criteria
  • Event list using the saved search
  • About Quick Searches
  • Using alternative methods to create and edit searches
  • Finding and loading a saved search
  • Search actions
  • Adding a saved search as a dashboard item
  • Saving a search as a dashboard item
  • Enabling time-series data
  • Selecting the time range
  • Displaying 24 hours in a dashboard item
  • Modifying items in the chart type table
  • About asset profiles
  • Creating asset profiles
  • Navigating from an offense to an asset
  • Assets tab
  • Asset summary
  • Vulnerabilities
  • About flows
  • Network Activity tab
  • Grouping flows
  • Finding an offense
  • Offense parameters
  • Top 5 Source and Destination IPs
  • Top 5 Log Sources
  • Top 5 Categories
  • Last 10 Events
  • Last 10 Flows
  • Annotations
  • Base information
  • Source and destination information
  • Layer 7 payload
  • Additional information
  • Creating a false positive flow or event
  • Tuning a false positive flow or event
  • About rules and building blocks
  • About rules
  • About building blocks and functions
  • Navigating to rules
  • Finding the rules that fired for an event or flow
  • Finding the rules that triggered an offense
  • Rule Wizard demonstration
  • Rule Wizard
  • Rule actions
  • Rule response
  • Reporting introduction
  • Reporting demonstration
  • Reports tab
  • Finding a report
  • Running a report
  • Selecting the generated report
  • Viewing a report
  • Reporting demonstration
  • Creating a new report template
  • Choosing a schedule
  • Choosing a layout
  • Defining report contents
  • Configuring the upper chart
  • Configuring the lower chart
  • Verifying the layout preview
  • Choosing a format
  • Distributing the report
  • Adding a description and assigning the group
  • Verifying the report summary
  • Viewing the generated report
  • Best practices when creating reports
  • Filtering demonstration
  • Flows to external destinations
  • Remote to Remote flows
  • Scanning activity
  • Applications not running on the correct port
  • Data loss
  • Flows to suspect Internet addresses
  • Filtering on custom rules and building blocks
  • Grouping by custom rules
  • Charts on Log and Network Activity tabs: Grouping
  • Charts on Log and Network Activity tabs: Time range
  • Capturing time-series data
  • Viewing time series charts: Zooming to focus
Live Online Training (Duration : 16 Hours) Fee On Request
Group Training Date On Request
1-on-1 Training
4 Hours
8 Hours
Week Days

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration : On Request
Fee : On Request
On Request
Classroom Training is available. Enquire for the fee Click
Comfort Track

If you think 16 hours is too fast, we can offer Comfort Track for 32 hours

Course Prerequisites

Basic Netwrok and Server administration Knowledge.

Upon Completion of this Course, you will accomplish following:-

  • Describe how QRadar SIEM collects data to detect suspicious activities
  • Navigate and customize the QRadar SIEM dashboard
  • Investigate suspected attacks and policy breaches
  • Search, filter, group, and analyze security data
  • Investigate the vulnerabilities and services of assets
  • Locate custom rules and inspect actions and responses of rules
  • Use QRadar SIEM to create reports
  • Use charts and apply advanced filters to examine specific activities in your environment

Give an edge to your career with Cyber Security certification training courses. Students can join the classes for Security Incidents and Event Management with QRadar (Foundation) Training & Certification Course at Koenig Campus located at New Delhi, Bengaluru, Shimla, Goa, Dehradun, Dubai & Instructor-Led Online.

Request More Information

Add Name and Email Address of participant (If different from you)


The Fee includes:
  • Courseware
  • Remote Labs
Yes, Koenig Solutions is a Open Source Learning Partner