IBM Security QRadar SIEM Administration

COURSE OUTLINE:

Description

In this course, you will learn how to minimize the time between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks, and services configuration.

Audience

QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments

Prerequisites

Basic knowledge of the purpose and use of a security intelligence platform
Familiarity with the Linux command line interface and PuTTY
Familiarity with Custom Rules engine (CRE) rules
Familiarity with the Ariel database and its purpose in QRadar SIEM
Have attended IBM Security QRadar SIEM Foundations or be able to navigate and use the QRadar SIEM Console

Learning Objectives

Install and manage automatic updates to QRadar SIEM assets
Configure QRadar backup and restore policies
QRadar administration tools to aggregate, review, and interpret metrics
Network hierarchy objects to manage QRadar SIEM objects and groups
Manage QRadar hosts and licenses and deploy assets
Monitor the health of assets in a QRadar deployment
Configure system settings and asset profiles
Configure reasons that QRadar administrators use to close offenses
Create and manage reference sets
Configure user accounts including user profiles and authorizations
Manage QRadar log sources
Store event and flow data
Manage QRadar flow sources
Manage groups that monitor Internet networks and services

Course Outline:

Auto Update
Backup and Recovery
Index and Aggregated Data Management
Network Hierarchy
System Management
License Management
Deployment Actions
High Availability management
System Health and Master Console
System Settings and Asset Profiler Configuration
Custom Offense Close Reasons
Reference Set Management
Authorized Services
Users, User Roles, and Security Profiles
Log Sources
Log Source Extensions
Log Source parsing Ordering
Event and Flow Retention
Flow Sources
Flow Sources Aliases
Remote Networks and Services

RELATED COURSES

Courses
Cyber Security

CompTIA Advanced Security Practitioner (CASP) Prep Course

You have experience in the increasingly crucial field of information security, and now you’re ready to take that experience to the next level. CompTIAï¿½ Advanced Security Practitioner (CASP) (Exam CAS-002) is the course you will need to take if your job responsibilities include securing complex enterprise environments. In this course, you will expand on your knowledge of information security to apply more advanced principles that will keep your organization safe from the many ways it can be threatened. Today’s IT climate demands individuals with demonstrable skills, and the information and activities in this course can help you develop the skill set you need to confidently perform your duties as an advanced security professional. This course is designed for IT professionals who want to acquire the technical knowledge and skills needed to conceptualize, engineer, integrate, and implement secure solutions across complex enterprise environments.

This course can also benefit you if you intend to pass the CompTIA Advanced Security Practitioner (CAS-002) certification examination. What you learn and practice in this course can be a significant part of your preparation.

Courses
Cyber Security

Security Policies and Implementation Issues

In this course, you will learn about information security policies and frameworks from the raw organizational mechanics of building, to the psychology of implementation. This course presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security in clear, simple terms such as governance, regulator mandates, business drivers, legal considerations, and much more.

In addition to premium instructional content from Jones & Bartlett Learning’s comprehensive Information Systems Security and Assurance (ISSA) curriculum, this course provides access to hands-on paper-based labs, case scenarios, handouts, and eBooks (via CourseSmart).

Certification:

This course covers content within the following industry certification exams:

System Security Certified Practitioner (SSCP) – "Security Operations and Administration" domain
Certified Information Systems Security Professional (CISSP) – two content domains covered
Security + – "Compliance and Operational Security" domain
8570.01 – "Compliance and Operational Security" domain

Courses
Cyber Security

Dell SonicWALL Secure Mobile Access Advanced Administration

In this course, you will connect to your own iOS or Droid mobile device to access the Mobile Connect client for hands-on participation. You will learn to administer and manage the Secure Mobile Access (SMA) appliance to provide secure, anywhere access to applications and resources for employees, business partners, and other users. You will cover using the Appliance Management Console (AMC) to provide users with secure access to any application-from corporate laptops or un-managed computers-based on secure authentication and authorization policies and appropriate end point control requirements. Students will further learn advanced deployment options and troubleshooting methodologies.

Upon completion of this course, you are encouraged to take the Certified SonicWALL System Professional(CSSP) exam.

For registrations using an application key, you cannot register online; you must call to complete your registration.

Courses
Cyber Security

Securing Your Email with Cisco IronPort C-Series Part II

Who should attend Enterprise messaging managers and system administrators Email system designers and architects Network managers responsible for messaging implementation Prerequisites Attendees should possess the following background knowledge and skills: Experience configuring Cisco IronPort email security appliances through participation in the IronPort Configuration Workshop or equivalent working experience. Solid knowledge of TCP/IP fundamentals, including IP…