IBM Security QRadar Advanced Topics

COURSE OUTLINE:

Description

In this course, you will learn how to minimize the time gap between when a suspicious activity occurs and when you detect it with the use of IBM Security QRadar. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. To connect the dots, QRadar�s security information and event management (SIEM) correlates these scattered events and flows into offenses that alert you to suspicious activities. Using the skills taught in this course, you will be able to configure processing of uncommon events, work with reference data, and develop custom rules.

Audience

  • Security administrators
  • Security technical architects
  • Offense managers
  • Professional services using QRadar SIEM
  • QRadar SIEM administrators

Prerequisites

  • Have completed the IBM Security QRadar SIEM Foundations course
  • Knowledgeable of:
    • IT infrastructure
    • IT security fundamentals
    • Linux
    • Microsoft Windows
    • TCP/IP networking
    • Log files and events

Learning Objectives

  • Create custom log sources to utilize events from uncommon sources
  • Create, maintain, and use reference data collections
  • Develop and optimize custom rules to detect indicators of an attack or policy violation

1. Creating Custom Log Sources
2. Leveraging Reference Data Collections
3. Developing Custom Rules