IBM Security QRadar SIEM Administration

Start Date	Class Duration	Session(s)	Price
Global Knowledge - Online
Jul 09, 2018	3 Days	Jul 09, 2018	$ 2,395.00	Add to Cart

COURSE OUTLINE:

Description

In this course, you will learn how to minimize the time between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks, and services configuration.

Audience

QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments

Prerequisites

Basic knowledge of the purpose and use of a security intelligence platform
Familiarity with the Linux command line interface and PuTTY
Familiarity with Custom Rules engine (CRE) rules
Familiarity with the Ariel database and its purpose in QRadar SIEM
Have attended IBM Security QRadar SIEM Foundations or be able to navigate and use the QRadar SIEM Console

Learning Objectives

Install and manage automatic updates to QRadar SIEM assets
Configure QRadar backup and restore policies
QRadar administration tools to aggregate, review, and interpret metrics
Network hierarchy objects to manage QRadar SIEM objects and groups
Manage QRadar hosts and licenses and deploy assets
Monitor the health of assets in a QRadar deployment
Configure system settings and asset profiles
Configure reasons that QRadar administrators use to close offenses
Create and manage reference sets
Configure user accounts including user profiles and authorizations
Manage QRadar log sources
Store event and flow data
Manage QRadar flow sources
Manage groups that monitor Internet networks and services

Course Outline:

Auto Update
Backup and Recovery
Index and Aggregated Data Management
Network Hierarchy
System Management
License Management
Deployment Actions
High Availability management
System Health and Master Console
System Settings and Asset Profiler Configuration
Custom Offense Close Reasons
Reference Set Management
Authorized Services
Users, User Roles, and Security Profiles
Log Sources
Log Source Extensions
Log Source parsing Ordering
Event and Flow Retention
Flow Sources
Flow Sources Aliases
Remote Networks and Services

RELATED COURSES

Courses
Cyber Security

CISSP-ISSAP Certification Prep Course

This course is designed for those who hold their CISSP certification and would like to specialize in advanced expertise in information security architecture I for designing security solutions and providing management with risk-based guidance to meet organizational needs.

Gain the skills needed to develop a business continuity plan (BCP) and disaster recovery plan (DRP) for an organization through an understanding of identifying adverse events that could potentially threaten an organization’s ability to thrive.

This course is your one source for exam preparation that includes:

Official (ISC)² CISSP-ISSAP Training Handbook
Official (ISC)² CISSP-ISSAP Flash Cards
CISSP-ISSAP Certification Exam Voucher

Courses
Cyber Security

Security+ Certification Boot Camp

CompTIA’s Security+ is the premier vendor-neutral security certification and is included in the approved list of certifications to meet DoD Directive 8570.1 requirements. Our Security+ courseware has received the CompTIA Approved Quality Content (CAQC) symbol assuring you that all test objectives are covered in the training material.

This course provides exam preparation and includes pre-class online access to:

Security+ reading plan
Security+ review guide
Security+ certification practice exams

During class, you’ll have access to:

Security+ student manual
Additional Security+ practice exam questions
Comprehension exercises, study digest, and quick reference card

The Security+ exam administered on the last day is optional based on preparedness. You have the option to receive an exam voucher and take the exam at a later date.

Courses
Cyber Security

Implementing Cisco IOS Network Security

This five-day course focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. Learners will be able to perform basic tasks to secure a small branch type office network using Cisco IOS security features available through web-based GUIs (Cisco Router and Security Device Manager [SDM]) and the command-line interface (CLI) on the Cisco routers and switches.

Courses
Cyber Security

F5 BIG-IP Application Security Manager (ASM) v11x

In this course, you will learn how to manage web-based and XML application attacks and how to use Application Security Manager to defend against these attacks.

You will cover installation, configuration, management, security policy building, traffic learning, and implementation of Application Security Manager in both stand-alone and modular configurations.