Introduction to Threat Analysis with IBM QRadar SIEM

Architecture, operations and general use of the product

This is the first of IBM QRadar SIEM's official courses. It is aimed at security analysts with no previous experience with the product and lasts three days. The course lays the foundation for the product's different certifications, for which we offer tailor-made workshops.

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy violations are flagged as incidents to be investigated. In this course, you will learn how to navigate the user interface and how to investigate these incidents. Practical exercises reinforce the skills learned.

Security analysts or SIEM tool admins with no experience in QRadar

  • Describe the purpose and capabilities of the QRadar SIEM licensed program
  • Describe how QRadar SIEM collects data and performs vulnerability assessments
  • Navigate and customize the dashboard tab
  • Investigate the information contained in an offense and respond to an offense
  • Find, filter and group events to gain critical knowledge about an offense
  • Create and edit a search that monitors suspicious host events
  • Learn how asset profiles are created and updated, and how to use them as part of an offense investigation
  • Investigate flows that contribute to an offense, create and tune false positives, and investigate superflows
  • Find custom rules in the QRadar SIEM console, assign actions and responses to a rule, and configure rules
  • Use charts and apply advanced filters to examine specific activities in your environment.

  • Unit 1: Introduction to IBM Security QRadar SIEM
  • Unit 2: How QRadar SIEM collects security data
  • Unit 3: Using the QRadar SIEM Dashboard
  • Unit 4: Investigating an offense that is triggered by events
  • Unit 5: Investigating the events of an offense
  • Unit 6: Using asset profiles to investigate offenses
  • Unit 7: Investigating an offense that is triggered by flows
  • Unit 8: Using rules and building blocks
  • Unit 9: Creating QRadar SIEM reports
  • Unit 10: Performing advanced filtering

We also conduct tailor-made training, seminars and technical talks. You can find more information about them on this website.