IBM QRadar SIEM Certification Bootcamp.
Get certified in 4 days!

[February 2024] Updated for the new QRadar 7.5.X certifications and XDR / SOAR capabilities!

When choosing between various SIEM solutions to offer our customers, we were not guided by our preferences, but took into account all aspects of the platform, including its compliance with security standards, its position in the market and the customer experience.

Why IBM QRadar?

  • IBM Security QRadar is a leader in the Gartner Magic Quadrant for SIEM, demonstrating its high position in the SIEM market.
  • It provides intelligent insights that enable security teams to respond in any environment by accurately detecting and prioritizing threats across the enterprise to accelerate incident analysis, escalation and remediation.
  • It provides comprehensive security information displayed in a single web-based console.
  • It includes the most comprehensive set of modules (Log Management, Security Intelligence, Network Activity Monitoring, Risk Management, Vulnerability Management and Network Forensics) that ensure a 360° view from an information security perspective.
  • It provides powerful out-of-the-box features that ensure faster deployment and scalability.
  • QRadar is the platform with integrated intelligence to detect threats and prioritize violations.

This technical training, delivered by our IBM certified experts, focuses on the overall architecture of QRadar and its components.
Through this course you will learn how to successfully install, configure and manage this complex and powerful platform.
We will also show you how to detect and react in case of attacks, vulnerabilities and policy violations, minimizing the time lag between the moment a suspicious activity occurs and the moment you detect it.

In 4 days you will have the training you need to pass the certifications, as well as lay the groundwork to operate the product effectively and safely.
There is an optional 5th session for students who wish to pass the exam during the following weeks.

Audience

  • Future QRadar SIEM Security Administrators and Analysts
  • Security administrators
  • Technical security architects
  • Offense managers
  • Incident response teams
  • QRadar customers
  • SOC Managers
  • CISO

Agenda

Monday

  • QRadar SIEM architecture
  • SW installation and best practices
  • Data collection
  • Dashboards
  • Events
  • Flows
  • Assets
  • Network hierarchy

Tuesday

  • Rules and responses
  • Security Incident Investigation
  • Building blocks
  • Custom properties
  • Log source management
  • Reports and dashboards
  • AQL (Advanced Query Language)
  • Open laboratory

Wednesday

  • QRadar applications we like and use
  • System settings and Asset Profiler configuration
  • Reference Set (use cases)
  • Forwarding destinations
  • Routing rules
  • Domain management
  • Users, user roles and security profiles
  • Authentication options

Thursday

  • Authorized Services
  • Retention of events and flows
  • Create a log source from scratch
  • Working with complex rules and use cases
  • Anomaly detection
  • VA scanners
  • Remote Services and X-Force Exchange

Friday

  • Summary and Q&A
  • QRadar Admin tips, tricks and hacks!
  • Backup and restore
  • Upgrade and migrate the system, including multi-node deployments.
  • Exam simulation (optional)
  • Tips and hints for passing the exam (optional)
  • Ready to get certified!

Requirements

  • Basic knowledge of the purpose and use of a security intelligence platform.
  • Familiarity with the Linux command line interface and PuTTY
  • General knowledge of IT infrastructure
  • Fundamentals of computer security
  • Operating system administration: Linux or UNIX and Windows
  • TCP/IP networks
  • Log files and events
  • Network flows

Ready to get certified!

Students attending this training will be eligible for any of the following professional certifications: C2150-624, QRadar Fundamental Administration C1000-026 and IBM Certified Associate Analyst C1000-018 / C1000-139 / C9005200.

This course is also recommended for students wishing to pass the C2150-614 / C1000-013 / C9003100 – QRadar Deployment Professional in the future.
We also have workshops that cover both deployment and administration, as well as QRadar operations and threat analysis. If you’re not sure which certification is best for you, we’ve written this article on our blog about the details of each exam.
Read it and let us know if you have more questions.

Need help?

We offer professional and on-demand consulting and technical support services worldwide.
We will be happy to help you succeed with IBM QRadar SIEM.

SiXe Ingeniería