New Cybersecurity Analyst Certification with QRadar SIEM 7.4.3

The first of the new IBM QRadar SIEM certifications has just come out. As always, they have started with the simplest one, the analyst. It is intended for professionals who wish to validate their knowledge of QRadar SIEM in version 7.4.3. The exam is C1000-139, entitled “IBM Security QRadar SIEM V7.4.3 – Analysis”, and the certification obtained is “IBM Certified Analyst – Security QRadar SIEM V7.4.3”.

As you know (and if you don’t, we’ll tell you about it), the main novelty in version 7.4 is the change of user interface. They have been adding control and monitoring panels to improve the visibility of security incidents, with specific mappings to methodologies such as MITRE ATT&CK. It is a way to standardize incidents, give the product a bit of abstraction and provide a higher-level view of what is happening, beyond the specific rules that have been applied and the chains of events that have been generated.

As prerequisites (not part of the exam), you need to be proficient in the following:

  • SIEM concepts (what it is, what it isn’t and what it is for)
  • TCP/IP network theory
  • Computer security terminology
  • The different QRadar modules and plugins, such as Network Insights or Incident Forensics

What are we asked in the exam?

  • Analysis of security offenses and events (logs, network flows, etc.)
  • Understanding of reference data listings (sets, maps, tables, etc.)
  • Mastering the rules and building blocks
  • Knowing how to search in reports, create them from scratch, schedule them, modify them, etc.
  • A basic knowledge of QRadar architecture, fundamentally its components, licensing and configuration at the network level
  • Finally, multi-domain and multi-client configurations, which seem to be becoming more and more fashionable, have a dedicated section in this review.

Do I have to recertify?

In our opinion, if you are certified on versions 7.2.X or 7.3.X there is no need to recertify. It is a different matter if your company requires it to maintain a certain level of partnership with IBM, or if it is a requirement for a public tender. However, if you are going to get certified, take advantage of it and do it when the new versions are released.

When will the rest of the certifications in 7.4.2 be released?

Between this quarter and next quarter, the “administrator” and “deployment professional” will be released. The differences between all of them were covered some time ago in this article. Although the versions change, the types of exams and their objectives are the same.

Can you help us with QRadar?

Of course, we offer training, professional services, support and we also sell and renew your licenses. Contact us and let’s talk.

© 2022 - SiXe Engineering | Training, consulting, professional services and turnkey projects | IBM, Lenovo, Docker, Red Hat , Tenable, HCL, MEDIGATE, Rapid7, Veeam, Sealpath & SUSE Authorized Business Partner. Company registered in INCIBE's cyber security catalog.