IBM Security QRadar SIEM Administration

COURSE OUTLINE:

Description

In this course, you will learn how to minimize the time between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks, and services configuration.

Audience

QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments

Prerequisites

Basic knowledge of the purpose and use of a security intelligence platform
Familiarity with the Linux command line interface and PuTTY
Familiarity with Custom Rules engine (CRE) rules
Familiarity with the Ariel database and its purpose in QRadar SIEM
Have attended IBM Security QRadar SIEM Foundations or be able to navigate and use the QRadar SIEM Console

Learning Objectives

Install and manage automatic updates to QRadar SIEM assets
Configure QRadar backup and restore policies
QRadar administration tools to aggregate, review, and interpret metrics
Network hierarchy objects to manage QRadar SIEM objects and groups
Manage QRadar hosts and licenses and deploy assets
Monitor the health of assets in a QRadar deployment
Configure system settings and asset profiles
Configure reasons that QRadar administrators use to close offenses
Create and manage reference sets
Configure user accounts including user profiles and authorizations
Manage QRadar log sources
Store event and flow data
Manage QRadar flow sources
Manage groups that monitor Internet networks and services

Course Outline:

Auto Update
Backup and Recovery
Index and Aggregated Data Management
Network Hierarchy
System Management
License Management
Deployment Actions
High Availability management
System Health and Master Console
System Settings and Asset Profiler Configuration
Custom Offense Close Reasons
Reference Set Management
Authorized Services
Users, User Roles, and Security Profiles
Log Sources
Log Source Extensions
Log Source parsing Ordering
Event and Flow Retention
Flow Sources
Flow Sources Aliases
Remote Networks and Services

RELATED COURSES

Courses
Cyber Security

IBM Security QRadar Incident Forensics Configuration and Usage

In this course, QRadar SIEM administrators learn how to integrate and configure QRadar Incident Forensics in an existing QRadar SIEM deployment. End users such as Security Analysts learn how to use the QRadar Incident Forensics tools to effectively perform network forensics.

Courses
Cyber Security

IBM Security QRadar SIEM Foundations

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn to navigate the user interface and how to investigate offenses. You search and analyze the information from which QRadar SIEM concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

Courses
Cyber Security

Security Policies and Implementation Issues

In this course, you will learn about information security policies and frameworks from the raw organizational mechanics of building, to the psychology of implementation. This course presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security in clear, simple terms such as governance, regulator mandates, business drivers, legal considerations, and much more.

In addition to premium instructional content from Jones & Bartlett Learning’s comprehensive Information Systems Security and Assurance (ISSA) curriculum, this course provides access to hands-on paper-based labs, case scenarios, handouts, and eBooks (via CourseSmart).

Certification:

This course covers content within the following industry certification exams:

System Security Certified Practitioner (SSCP) – "Security Operations and Administration" domain
Certified Information Systems Security Professional (CISSP) – two content domains covered
Security + – "Compliance and Operational Security" domain
8570.01 – "Compliance and Operational Security" domain

Courses
Cyber Security

Legal Issues in Information Security

This course provides a unique, in-depth look at the major US federal and state laws that regulate information security and data privacy practices. With content provided by an industry expert, this course provides a comprehensive explanation of the most pertinent regulatory laws; discussing key concepts common to information security, data privacy, and the US legal system. Using examples and exercises, this course incorporates hands-on activities to walk the learner through the entire process of creating an information security program.

In addition to premium instructional content from Jones & Bartlett Learning’s comprehensive Information Systems Security and Assurance (ISSA) curriculum, this course provides access to hands-on Paper-based Labs, Case Scenarios and Handouts, and eBook (via CourseSmart).

Certification:

This course covers content within the following industry certification exam:

Certified Information Systems Security Professional (CISSP) – "Legal, Regulations, Investigation & Compliance" domain covered