Open Source/Security Incidents and Event Management with QRadar (Foundation)

Overview Schedule & Fees Course Benefits Student Feedback FAQ Course Modules

Security Incidents and Event Management with QRadar (Foundation) Course Overview

QRadar SIEM offers deep insight into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected alleged attacks and policy breaches are highlighted as offenses. In this course, one learns to traverse the user interface and investigate offenses. Participants are trained to search and analyze the information from which QRadar SIEM concludes a suspicious activity. Hands-on exercises reinforce the skills learned.

Audience: The course is meant for:

Security Analysts
Security Technical Architects
Offense Managers
Network Administrators
System Administrators

This is a Rare Course and it can be take up to 3 weeks to arrange the training.

The 1-on-1 Advantage

Methodology

Flexible Dates

• Choose Start Date
• Reschedule After Booking
• Week-end / Evening Option

4-Hour Sessions

• View video
• The course will be free if we are not able to start within 7 days of booking.
• Only applicable for courses on which this logo appears.

Your will learn:

Module 1: Introduction to IBM Security QRadar SIEM

Purposes of QRadar SIEM
QRadar SIEM and the IBM Security Framework
Identifying suspected attacks and policy breaches
Providing context
Key QRadar SIEM capabilities
QRadar SIEM Console

Module 2: How QRadar SIEM collects security data

Normalizing log messages to events
Event collection and processing
Flow collection and processing
Reporting
Asset profiles
Active scanners
QRadar Vulnerability Manager scanner
Gathering asset information

Module 3: Using the QRadar SIEM dashboard

Navigating the Dashboard tab
Dashboard overview
Default dashboard
QRadar SIEM tabs
Other menu options
Context-sensitive help
Dashboard refresh
Dashboard variety
Creating a custom dashboard
Managing dashboard items

Module 4: Investigating an offense that is triggered by events

Introduction to offenses
Creating and rating offenses
Instructor demonstration of offense parameters
Selecting an offense to investigate
Offense Summary window
Offense parameters
Top 5 Source IPs
Top 5 Destination IPs
Top 5 Log Sources
Top 5 Users
Top 5 Categories
Last 10 Events
Last 10 Flows
Annotations
Offense Summary toolbar
Lesson 4 Acting on an offense
Offense actions
Offense status and flags

Module 5: Investigating the events of an offense

Navigating to the events
List of events
Event details: Base information
Event details: Reviewing the raw event
Event details: Additional details
Returning to the list of events
Filtering events
Applying a Quick Filter to the payload
Using another filter option
Grouping events
Grouping events by low-level category
Removing grouping criteria
Viewing a range of events
Monitoring the scanning host
Saving search criteria
Event list using the saved search
About Quick Searches
Using alternative methods to create and edit searches
Finding and loading a saved search
Search actions
Adding a saved search as a dashboard item
Saving a search as a dashboard item
Enabling time-series data
Selecting the time range
Displaying 24 hours in a dashboard item
Modifying items in the chart type table

Module 6: Using asset profiles to investigate offenses

About asset profiles
Creating asset profiles
Navigating from an offense to an asset
Assets tab
Asset summary
Vulnerabilities

Module 7: Investigating an offense that is triggered by flows

About flows
Network Activity tab
Grouping flows
Finding an offense
Offense parameters
Top 5 Source and Destination IPs
Top 5 Log Sources
Top 5 Categories
Last 10 Events
Last 10 Flows
Annotations
Base information
Source and destination information
Layer 7 payload
Additional information
Creating a false positive flow or event
Tuning a false positive flow or event

Module 8: Using rules and building blocks

About rules and building blocks
About rules
About building blocks and functions
Navigating to rules
Finding the rules that fired for an event or flow
Finding the rules that triggered an offense
Rule Wizard demonstration
Rule Wizard
Rule actions
Rule response

Module 9: Creating QRadar SIEM reports

Reporting introduction
Reporting demonstration
Reports tab
Finding a report
Running a report
Selecting the generated report
Viewing a report
Reporting demonstration
Creating a new report template
Choosing a schedule
Choosing a layout
Defining report contents
Configuring the upper chart
Configuring the lower chart
Verifying the layout preview
Choosing a format
Distributing the report
Adding a description and assigning the group
Verifying the report summary
Viewing the generated report
Best practices when creating reports

Module 10: Performing advanced filtering

Filtering demonstration
Flows to external destinations
Remote to Remote flows
Scanning activity
Applications not running on the correct port
Data loss
Flows to suspect Internet addresses
Filtering on custom rules and building blocks
Grouping by custom rules
Charts on Log and Network Activity tabs: Grouping
Charts on Log and Network Activity tabs: Time range
Capturing time-series data
Viewing time series charts: Zooming to focus

Live Online Training (Duration : 16 Hours) Fee On Request

Group Training Date On Request	1-on-1 Training 4 Hours 8 Hours Week Days Weekend Start Time : At any time 12 AM 12 PM Training Schedule: 1-On-1 Training is Guaranteed to Run (GTR)

Classroom Training is available. Enquire for the fee Click

Comfort Track

If you think 16 hours is too fast, we can offer Comfort Track for 32 hours

Customers who buy this course also buy

Business Writing Skills Certification Training

Cyber Security Awareness

Terraform Certification Training Course

Terraform with Azure Certification Training Course

Kubernetes Administration Using Docker Training Certification Course

PCAP: Certified Associate in Python Programming certification Course

Project Management Fundamentals Training

React JS Certification and Training Course

Terraform with AWS

User Acceptance Certified Tester Certification Course

Course Prerequisites

Basic Netwrok and Server administration Knowledge.

Upon Completion of this Course, you will accomplish following:-

Describe how QRadar SIEM collects data to detect suspicious activities
Navigate and customize the QRadar SIEM dashboard
Investigate suspected attacks and policy breaches
Search, filter, group, and analyze security data
Investigate the vulnerabilities and services of assets
Locate custom rules and inspect actions and responses of rules
Use QRadar SIEM to create reports
Use charts and apply advanced filters to examine specific activities in your environment

Give an edge to your career with Cyber Security certification training courses. Students can join the classes for Security Incidents and Event Management with QRadar (Foundation) Training & Certification Course at Koenig Campus located at New Delhi, Bengaluru, Shimla, Goa, Dehradun, Dubai & Instructor-Led Online.

Trending Technologies

Cloud Computing

Security

Fundamentals

Digital Transformation

Cyber Security

Information Security

DevOps

Business Analysis

End-User

Artificial Intelligence (AI)

Request More Information

Add Name and Email Address of participant (If different from you)

Request a call back?

FAQ's

The Fee includes:

Courseware
Remote Labs

Yes, Koenig Solutions is a Open Source Learning Partner

We offer below courses: Certified Ethical Hacker V11 -CEH-v11 - CompTIA Cybersecurity Analyst (CySA+) - CompTIA-SY0-601-Security+ - Certified Application Security Engineer .NET - Certified Threat Intelligence Analyst (CTIA) - EC-Council Certified Incident Handler (ECIH V2) - Certified Penetration Testing Professional - CPENT - Oracle Database Security: Preventive Controls Ed 1 - EC-Council Disaster Recovery Professional v3 -