IBM Security QRadar SIEM 7.1 Foundations (BQ100)

About this Course

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, topologies, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn how to navigate QRadar SIEM to detect anomalies and unusual behavior. Using the skills taught in this course, you can identify and investigate threats and attacks. Hands-on exercises reinforce the skills learned.

Audience Profile

This basic course is for:

  • Security Analysts
  • Network Administrators
  • System Administrators

At Course Completion

Students will have gained skills in:

  • Navigating the QRadar SIEM user interface
  • Analyzing network activity
  • Analyzing log activity
  • Discovering servers
  • Determining and assessing vulnerabilities
  • Investigating offenses
  • Creating rules
  • Tuning offenses
  • Reporting

Prerequisites

You should have the following skills:

  • TCP/IP networking
  • Familiarity with log files and events
  • IT security fundamentals

Course Outline

  1. Unit 1: Introduction

  2. Unit 2: Network Security

  3. Unit 3: Dashboard

  4. Unit 4: Log Activity

  5. Unit 5: Network Activity

  6. Unit 6: Advanced Filtering

  7. Unit 7: Asset and Vulnerability Assessment

  8. Unit 8: Offenses

  9. Unit 9: Offense Investigation

  10. Unit 10: Rules

  11. Unit 11: Tuning

  12. Unit 12: Reporting

  13. Unit 13: Customer Support