Arrow Electronics, Inc.

IBM QRadar SIEM Foundations

CODE: ZL1_BQ104

LENGTH: 3 day(s)

PRICE: €2.340,00

Description

IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

 

In this 3-day instructor-led course, you learn how to perform the following tasks:

  • Describe how QRadar collects data to detect suspicious activities​​​​​​​
  • Describe the QRadar architecture and data flows
  • Navigate the user interface
  • Define log sources, protocols, and event details
  • Discover how QRadar collects and analyzes network flow information
  • Describe the QRadar Custom Rule Engine
  • Utilize the Use Case Manager app
  • Discover and manage asset information
  • Learn about a variety of QRadar apps, content extensions, and the App Framework
  • Analyze offenses by using the QRadar UI and the Analyst Workflow app
  • Search, filter, group, and analyze security data
  • Use AQL for advanced searches
  • Use QRadar to create customized reports
  • Explore aggregated data management
  • Define sophisticated reporting using Pulse Dashboards
  • Discover QRadar administrative tasks

Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:

  • Architecture exercises
  • UI – Overview exercises
  • Log Sources exercises
  • Flows and QRadar Network Insights exercises
  • Custom Rule Engine (CRE) exercises
  • Use Case Manager app exercises
  • Assets exercises
  • App Framework exercises
  • Working with Offenses exercises.
  • Search, filtering, and AQL exercises
  • Reporting and Dashboards exercises
  • QRadar – Admin tasks exercises

The lab environment for this course uses the IBM QRadar SIEM 7.4 platform.

Objectives

After completing this course, you should be able to perform the following tasks:

  • Describe how QRadar collects data to detect suspicious activities
  • Describe the QRadar architecture and data flows
  • Navigate the user interface
  • Define log sources, protocols, and event details
  • Discover how QRadar collects and analyzes network flow information
  • Describe the QRadar Custom Rule Engine
  • Utilize the Use Case Manager app
  • Discover and manage asset information
  • Learn about a variety of QRadar apps, content extensions, and the App Framework
  • Analyze offenses by using the QRadar UI and the Analyst Workflow app
  • Search, filter, group, and analyze security data
  • Use AQL for advanced searches
  • Use QRadar to create customized reports
  • Explore aggregated data management
  • Define sophisticated reporting using Pulse Dashboards
  • Discover QRadar administrative tasks

Audience

This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.

Prerequisites

Before taking this course, make sure that you have the following skills:

  • IT infrastructure
  • IT security fundamentals
  • Linux
  • Windows
  • TCP/IP networking
  • Syslog

Programme

  • Unit 0: IBM Security QRadar 7.4 – Fundamentals 
  • Unit 1: QRadar Architecture
  • Unit 2: QRadar UI – Overview
  • Unit 3: QRadar – Log Source
  • Unit 4: QRadar flows and QRadar Network Insights
  • Unit 5: QRadar Custom Rule Engine (CRE)
  • Unit 6: QRadar Use Case Manager app
  • Unit 7: QRadar – Assets
  • Unit 8: QRadar extensions
  • Unit 9: Working with Offenses
  • Unit 10: QRadar – Search, filtering, and AQL
  • Unit 11: QRadar – Reporting and Dashboards
  • Unit 12: QRadar – Admin Console 

Test and Certification

This is an IBM-issued and IBM-recognized badge that attests that its recipients have demonstrated their knowledge of various QRadar deployments' architecture and key concepts such as user management, domains and tenants, assets, network hierarchy, flows, events, rules, offenses, reference data, data obfuscation, and reporting.

In order to attempt and pass this test, students must have participated in either the ARROW ECS official training for IBM Security QRadar SIEM Foundations (BQ104G), or the self-paced virtual classroom for IBM Security QRadar SIEM Foundations (BQ104XG).

Note: The two hours time estimate on the front page of this course refers to the time it can take to complete the quiz.

Further Information

Prior to enrolling, IBM Employees must follow their Division/Department processes to obtain approval to attend this public training class. Failure to follow Division/Department approval processes may result in the IBM Employee being personally responsible for the class charges.

GBS practitioners that use the EViTA system for requesting external training should use that same process for this course. Go to the EViTA site to start this process: http://w3.ibm.com/services/gbs/evita/BCSVTEnrl.nsf

Once you enroll in a GTP class, you will receive a confirmation letter that should show:

  • The current GTP list price
  • The 20% discounted price is available to IBMers for GTP delivered courses only. This is the price you will be invoiced for the class.

Session Dates
Date
Location
Time Zone
Language
Type
Guaranteed
PRICE

04 Jul 2022

Virtual Classroom (GMT / UTC)

BST

English

Instructor Led Online

€ 2.340,00

05 Sep 2022

Virtual Classroom (GMT / UTC)

BST

English

Instructor Led Online

€ 2.340,00

14 Nov 2022

Virtual Classroom (GMT / UTC)

GMT

English

Instructor Led Online

€ 2.340,00

We also offer sessions in other countries