IBM Security QRadar SIEM Administration and Advanced Topics

In this course, you learn how to minimize the time gap between when suspicious activity occurs and when you detect it. A variety of administrative tools are available to manage a QRadar SIEM deployment. The advanced part of the course focuses on attacks and policy violations. Such activity leaves its footprints in the log events and network flows of your IT systems. To connect the dots, QRadar SIEM correlates these scattered events and flows into offenses that alert you to suspicious activity.

This course covers system configuration, data source configuration, and remote networks and services configuration. Using the skills taught in this course, you will be able to configure the processing of events from uncommon sources, work with reference data, and develop custom rules.

Audience
  • QRadar SIEM administrators
  • Personnel managing deployments
  • Security administrators
  • Security technical architects
  • Offense managers
  • Professional services using QRadar SIEM
Prerequisites
  • Basic knowledge of the purpose and use of a security intelligence platform
  • Familiarity with the Linux command line interface and PuTTY
  • Familiarity with custom rules
  • Familiarity with the Ariel database and its purpose in QRadar SIEM
  • IT infrastructure
  • IT security fundamentals
  • Microsoft Windows
  • TCP/IP networking
  • Log files and events
  • Network flows
Learning Objectives
  • Install and manage automatic updates to QRadar SIEM assets
  • Configure QRadar backup and restore policies
  • Leverage QRadar administration tools to aggregate, review, and interpret metrics
  • Use network hierarchy objects to manage QRadar SIEM objects and groups
  • Manage QRadar hosts and licenses, and deploy changes to the deployment
  • Monitor the health of assets in a QRadar deployment
  • Configure system settings and asset profiles
  • Configure reasons that QRadar administrators use to close offenses
  • Create and manage reference sets
  • Create the credentials used to perform authenticated scans
  • Manage, route, and store event and flow data
  • Use domains in QRadar SIEM to act as a filter for events, flows, scanners, assets, rules, offenses, and retention policies
  • Configure user accounts including user profiles, authentication, and authorizations
  • Manage custom properties for assets, events, and flows
  • Manage QRadar log sources
  • Manage QRadar flow sources
  • Integrate Vulnerability Assessment Scanner results in QRadar SIEM
  • Manage the remote networks and remote services groups that classify traffic to and from the Internet
  • Create custom log sources to utilize events from uncommon sources
  • Create, maintain, and use reference data collections
  • Develop and optimize custom rules to detect indicators of an attack or policy violation
Course Outline
  1. Auto Update
  2. Backup and Recovery
  3. Index and Aggregated Data Management
  4. Network Hierarchy
  5. System Management
  6. License Management
  7. Deployment Actions
  8. High-Availability Management
  9. System Health and Master Console
  10. System Settings and Asset Profiler Configuration
  11. Custom Offense Close Reasons
  12. Store and Forward
  13. Reference Set Management
  14. Centralized Credentials
  15. Forwarding Destinations
  16. Routing Rules
  17. Domain Management
  18. Users, User Roles, and Security Profiles
  19. Authentication
  20. Authorized Services
  21. Backup and Recovery
  22. Custom Asset Properties
  23. Log Sources
  24. Log Source Groups
  25. Log Source Extensions
  26. Log Source Parsing Ordering
  27. Custom Properties
  28. Event and Flow Retention
  29. Flow Sources
  30. Flow Sources Aliases
  31. VA Scanners
  32. Remote Networks and Services