Cybersecurity analyst training with IBM QRadar SIEM

Course SQR01 is the first in a series of courses custom-developed by our experts to train you as a cybersecurity analyst with IBM QRadar SIEM. The training lasts 4 days.

You will have the expertise of our QRadar SIEM certified consultants, the support of official IBM materials, and a complex, dedicated lab environment that simulates a QRadar production environment. Through a range of highly practical scenarios you will acquire the skills needed to start getting the most out of this powerful tool.

Future cybersecurity analysts with IBM QRadar SIEM

Module 1 – Introduction

  • IBM QRadar SIEM architecture and general concepts
  • Collection of external logs and network traces
  • Integration with the various existing operating systems, applications and security products
  • System logs and useful problem-solving tools
  • Event simulation

Module 2 – Networks and assets

  • Definition of internal networks and external services
  • Domains, segmentation and multi-tenancy
  • Asset detection and self-configuration

Module 3 – Investigation of offenses

  • Rules and building-blocks
  • Advanced searches and filters
  • Management of event-based offenses and network traces
  • Using ‘reference sets’ & ‘reference maps’
  • Controlling anomalies and behavioral changes
  • AQL (Ariel Query Language)
  • Connecting with X-Force and using plugins

Module 4 – Case studies

Taking a hands-on approach, the course addresses all or some of the following scenarios:

  • Preventing fraud and user account theft
  • Detecting connections to a malicious external control system
  • Identifying port scans followed by login attempts
  • Detecting the use of accounts that have been inactive for a long period of time
  • Alerting on risky actions by a user
  • Protecting and tracking access to sensitive data
  • Integration with physical access control systems
  • Detecting infection by WannaCry-type malware
  • Detection of anomalies, changes in thresholds and behavior of systems and users

Module 5 – QRadar and security regulations

  • Report management
  • Using QRadar to comply with ISO/IEC 27001:201
  • Access for non-technical users

Module 6 – Q&A and Open Lab

We also deliver custom training, workshops, seminars and technical talks. Contact us with no obligation.