This training aims to deepen your knowledge of advanced security incident analysis with IBM QRadar SIEM, addressing a variety of complex topics to help you optimize and get the most out of this platform.
During the course we will analyze different use cases based on real-world scenarios, applying anomaly detection rules with different correlation methodologies to detect advanced persistent threats (APTs), suspicious behaviors and violations of the organization’s security policies. You will also learn how to integrate new devices and solutions into QRadar: third-party software, sensors, IoT devices and industrial cybersecurity (OT) tools.
The advanced-level course is aimed at cybersecurity analysts with at least three years of experience in SIEM solutions, whether QRadar, ArcSight, or Splunk, and a minimum of one year of experience with IBM QRadar performing SOC analyst tasks at level 2 or higher. We recommend that students who do not meet these requirements first take our operations and administration courses.
- Implementing practices in operations with IBM QRadar SIEM
- Managing data structures such as Reference Maps, Sets & Tables for complex threat detection
- Integrating devices, applications and sensors into IBM QRadar SIEM from scratch
- Detection of potential threats based on user behavior
- Configuring automated responses and scripting integration with third-party APIs
- Analysis of patterns and anomalies in the network
- Multi-tenant environments. Adapting rules for multi-client deployments.
- Platform Expansion: Incident Forensics, Network Insights, Vulnerability Manager, Watson Advisor
- 1h of consultancy at no additional cost
- Preparation of official certifications (at no extra cost)
Course length and delivery options
This course is taught over three days from 8:30am to 4pm in both EMEA and America. It can be taught in person once the health conditions allow it or online through our virtual classroom.
Need help with QRadar? Do you want to try it?
Our added value
Our courses are closely tailored to each role. A team of developers does not need to master a technology in the same way as the people in charge of deploying and managing the infrastructure.
That’s why, beyond commands and tasks, we focus on solving the problems that arise in the day-to-day of each team. We provide our students with the knowledge, competencies and skills required for each project. In addition, our documentation is based on the latest version of each product.
Do you have questions?
Request a meeting with our instructor without obligation. We will introduce you to the course, show you the materials and the laboratories.