IBM Security QRadar SIEM Administration
COURSE OUTLINE:
In this course, you will learn how to minimize the time between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks and services configuration.
PREREQUISITES:
- Basic knowledge of the purpose and use of a security intelligence platform
- Familiarity with the Linux command line interface and PuTTY
- Familiarity with Custom Rules Engine (CRE) rules
- Familiarity with the Ariel database and its purpose in QRadar SIEM
- Have attended IBM Security QRadar SIEM Foundations or be able to navigate and use the QRadar SIEM Console
OBJECTIVES:
- Install and manage automatic updates to QRadar SIEM assets
- Configure QRadar backup and restore policies
- Use QRadar administration tools to aggregate, review, and interpret metrics
- Use network hierarchy objects to manage QRadar SIEM objects and groups
- Manage QRadar hosts and licenses and deploy assets
- Monitor the health of assets in a QRadar deployment
- Configure system settings and asset profiles
- Configure reasons that QRadar administrators use to close offenses
- Create and manage reference sets
- Configure user accounts including user profiles and authorizations
- Manage QRadar log sources
- Store event and flow data
- Manage QRadar flow sources
- Manage groups that monitor Internet networks and services
TOPICS:
- Auto Update
- Backup and Recovery
- Index and Aggregated Data Management
- Network Hierarchy
- System Management
- License Management
- Deployment Actions
- High Availability management
- System Health and Master Console
- System Settings and Asset Profiler Configuration
- Custom Offense Close Reasons
- Reference Set Management
- Authorized Services
- Users, User Roles, and Security Profiles
- Log Sources
- Log Source Extensions
- Log Source Parsing Ordering
- Event and Flow Retention
- Flow Sources
- Flow Sources Aliases
- Remote Networks and Services