Module 1 – Introduction

• IBM QRadar SIEM architecture and general concepts
• Collection of external logs and network traces
• Integration with the various existing operating systems, applications and security products
• System logs and useful problem-solving tools
• Event simulation

Module 2 – Networks and assets

• Definition of internal networks and external services
• Domains, segmentation and multi-tenancy
• Asset detection and self-configuration

Module 3 – Investigation of offenses

• Rules and building-blocks
• Advanced searches and filters
• Management of event-based offenses and network traces
• Using ‘reference sets’ & ‘reference maps’
• Controlling anomalies and behavioral changes
• AQL (Ariel Query Language)
• Connecting with X-Force and using plugins

Module 4 – Case studies

Address from an eminently practical approach all or some of the following scenarios:

• Preventing fraud and user account theft
• Detecting connections to a malicious external control system
• Identifying port scans followed by login attempts
• Detection of the use of inactive accounts after a long period of time
• Alert to risk actions by a user
• Protecting and tracking access to sensitive data
• Integration with physical access control systems
• Detection of infection by ‘malware’ type Wannacry
• Detection of anomalies, changes in thresholds and behavior of systems and users

Module 5 – QRadar and safety regulations

• Report management
• Using QRadar to comply with ISO/IEC 27001:201
• Access for non-technical users

Module 6 – Doubt Resolution & Open Lab