QRadar, our choice

[July 2019] Updated for the new QRadar 7.3.2 certifications!

Choosing among multiple SIEM solutions to offer to our customers, we were not guided by our preferences, but took into consideration all the aspects of the platform, including its compliance with security standards, its market position and customer experience. So why IBM QRadar?

  • IBM Security QRadar is a leader in Gartner’s Magic Quadrant for SIEM, which proves its high position on the SIEM market.
  • Offers comprehensive security information shown in a single web-based console.
  • Includes the most extensive set of modules (Log Management, Security Intelligence, Network Activity Monitoring, Risk management, Vulnerability Management and Network Forensics) that guarantee the 360° view from the information security perspective.
  • Provides strong out-of-the-box features that ensure faster deployment and scalability.
  • QRadar is the platform with Embedded Intelligence that allows for threat detection and offense prioritization.

This technical enablement training, delivered by our IBM certified experts, focuses on the general QRadar architecture and its components. Through this course you’ll learn how to install, configure and successfully manage this complex and powerful platform. We’ll also show you how to detect and react to attacks, vulnerabilities and policy violations, minimizing the time gap between when suspicious activity occurs and when you detect it.

In 4 days you’ll have the training you need to pass the certifications, as well as the basis for operating the product efficiently and safely. An optional 5th session is available for students willing to pass the exam during the following weeks.

Audience

  • Future QRadar SIEM administrators & security analysts
  • Security administrators
  • Security technical architects
  • Offense managers
  • Incident Response teams
  • QRadar customers
  • SOC Managers
  • CISOs

Agenda

Monday

  • QRadar SIEM Architecture
  • SW Installation & Best Practices
  • Data collection
  • Dashboards
  • Events
  • Flows
  • Assets
  • Network Hierarchy

Tuesday

  • Rules and responses
  • Offenses investigation
  • Building blocks
  • Reports
  • Plugins and extensions
  • AQL (Advanced Query Language)
  • Real world use case & open lab

Wednesday

  • Updating & upgrading the system including scale-out deployments
  • Backups & restore
  • System Settings and Asset Profiler Configuration
  • Reference Set (use cases)
  • Forwarding Destinations
  • Routing Rules
  • Domain Management
  • Users, User Roles, and Security Profiles
  • Authentication options

Thursday

  • Authorized Services
  • Event and Flow Retention
  • Custom Properties
  • Log Source Groups
  • Log Source Extensions
  • Log Source Parsing Ordering
  • Creating a log source from scratch
  • VA Scanners
  • Remote Services
  • Wrap up

Friday

    (Optional session)
  • Exam simulation (3h)
  • Ready to get certified!

Requisites

  • Basic knowledge of the purpose and use of a security intelligence platform
  • Familiarity with the Linux command line interface and PuTTY
  • General IT infrastructure knowledge
  • IT security fundamentals
  • Operating System Administration: Linux or UNIX & Windows
  • TCP/IP networking
  • Log files and events
  • Network flows

Ready to get certified!

Students attending this training are eligible for any of the following professional certifications: C2150-624, QRadar Fundamental Administration C1000-026 & IBM Certified Associate Analyst C1000-018

This course is also recommended for students willing to pass C2150-614 & C1000-013 – QRadar Deployment Professional in the future.

If you are not sure which certification is best for you, we have written this article on our blog discussing the details of each exam. Have a read and let us know if you have any further questions!

Need help?

We offer professional services and on-demand consulting & technical support world-wide. We will be pleased to help you to succeed with IBM QRadar SIEM.
