Cybersecurity analyst training with IBM QRadar SIEM

The course SQR01 is the first in a series of courses developed by our experts to enable you to train as a cybersecurity analyst with IBM QRadar SIEM. The duration of this training is 4 days.

You can count on the expertise of our certified QRadar SIEM consultants, the support of official IBM materials and a complex lab environment designed to simulate a production QRadar environment.
Through a range of practical scenarios, you will learn the skills needed to start mastering this powerful tool step by step.

Future cybersecurity analyst with IBM QRadar SIEM

Module 1 – Introduction

  • IBM QRadar SIEM architecture and general concepts
  • Collection of external logs and network traces
  • Integration with various existing operating systems, applications and security products
  • System logs and helpful troubleshooting tools
  • Event simulation

Module 2 – Networks and assets

  • Definition of internal networks and external services
  • Domains, segmentation and multi-tenancy
  • Asset detection and auto-configuration

Module 3 – Attack Investigation

  • Rules and building blocks
  • Advanced searches and filters
  • Event-based offense management and network traces
  • Use of ‘reference sets’ and ‘reference maps’
  • Controlling anomalies and behavioral changes
  • AQL (Ariel Query Language)
  • Connecting with X-Force and using plugins

Module 4 – Case Studies

All or some of the following scenarios are covered from an eminently practical approach:

  • Fraud and user account theft prevention
  • Detecting connections to a malicious external control system
  • Identification of port scans followed by login attempts
  • Detection of inactive account usage after a long period of time
  • Alert to risk actions by a user
  • Protection and monitoring of access to sensitive data
  • Integration with physical access control systems
  • Detection of WannaCry-type malware infections
  • Detection of anomalies, changes in thresholds and system and user behavior

Module 5 – QRadar and security regulations

  • Report management
  • Using QRadar to comply with ISO/IEC 27001:201
  • Access for non-technical users

Module 6 – Questions and open lab

We also provide training, consulting, workshops, seminars, webinars and free courses as well as customized technical talks. Contact us without obligation.

SiXe Ingeniería