Price for this course: £1,725.00
Duration: 3 HOURS
Delivery: Classroom IBM

Available dates


Mon 17 Feb 20 to Wed 19 Feb 20
Where: Tech Data, The Capitol Building, Oldbury, Bracknell, RG12 8FZ
Code: TR-583504

Mon 17 Feb 20 to Wed 19 Feb 20
Where: Tech Data Online UK (Instructor Led, Online). Connection details will be communicated separately.
Code: TR-583505

Mon 17 Feb 20 to Wed 19 Feb 20
Where: Tech Data, 2nd Floor, Broadwall House, 21 Broadwall Street, London, SE1 9PL
Code: TR-583506

Mon 08 Jun 20 to Wed 10 Jun 20
Where: Tech Data Online UK (Instructor Led, Online). Connection details will be communicated separately.
Code: TR-583508

Mon 08 Jun 20 to Wed 10 Jun 20
Where: Tech Data, The Capitol Building, Oldbury, Bracknell, RG12 8FZ
Code: TR-583507

Mon 08 Jun 20 to Wed 10 Jun 20
Where: Tech Data, 2nd Floor, Broadwall House, 21 Broadwall Street, London, SE1 9PL
Code: TR-583509

Overview

IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities. QRadar SIEM classifies suspected attacks and policy violations as offenses.

In this 3-day instructor-led course, you learn how to perform the following tasks:

  • Describe how QRadar SIEM collects data to detect suspicious activities
  • Describe the QRadar SIEM component architecture and data flows
  • Navigate the user interface
  • Investigate suspected attacks and policy breaches
  • Search, filter, group, and analyze security data
  • Investigate the vulnerabilities and services of assets
  • Use network hierarchies
  • Locate custom rules and inspect actions and responses of rules
  • Analyze offenses created by QRadar SIEM
  • Use index management
  • Navigate and customize the QRadar SIEM dashboard
  • Use QRadar SIEM to create customized reports
  • Use charts and filters
  • Use AQL for advanced searches
  • Analyze a real-world scenario

Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:

  • Using the QRadar SIEM user interface
  • Investigating an Offense triggered by events
  • Investigating the events of an offense
  • Investigating an offense that is triggered by flows
  • Using rules
  • Using the Network Hierarchy
  • Index and Aggregated Data Management
  • Using the QRadar SIEM dashboard
  • Creating QRadar SIEM reports
  • Using AQL for advanced searches
  • Analyze a real-world large-scale attack

The lab environment for this course uses the IBM QRadar SIEM 7.3 platform.

Audience

This course is designed for security analysts, security technical architects, offense managers, network administrators, and system administrators using QRadar SIEM.

Prerequisites

Before taking this course, make sure that you have the following skills:

  • IT infrastructure
  • IT security fundamentals
  • Linux
  • Windows
  • TCP/IP networking
  • Syslog

Objective

After completing this course, you should be able to perform the following tasks:

  • Describe how QRadar SIEM collects data to detect suspicious activities
  • Describe the QRadar SIEM component architecture and data flows
  • Navigate the user interface
  • Investigate suspected attacks and policy violations
  • Search, filter, group, and analyze security data
  • Investigate events and flows
  • Investigate asset profiles
  • Describe the purpose of the network hierarchy
  • Determine how rules test incoming data and create offenses
  • Use index and aggregated data management
  • Navigate and customize dashboards and dashboard items
  • Create customized reports
  • Use filters
  • Use AQL for advanced searches
  • Analyze a real-world scenario

Course Outline

  • Unit 1: Introduction to IBM QRadar
  • Unit 2: IBM QRadar SIEM component architecture and data flows
  • Unit 3: Using the QRadar SIEM User Interface
  • Unit 4: Investigating an Offense Triggered by Events
  • Unit 5: Investigating the Events of an Offense
  • Unit 6: Using Asset Profiles to Investigate Offenses
  • Unit 7: Investigating an Offense Triggered by Flows
  • Unit 8: Using Rules
  • Unit 9: Using the Network Hierarchy
  • Unit 10: Index and Aggregated Data Management
  • Unit 11: Using the QRadar SIEM Dashboard
  • Unit 12: Creating Reports
  • Unit 13: Using Filters
  • Unit 14: Using the Ariel Query Language (AQL) for Advanced Searches
  • Unit 15: Analyzing a Real-World Large-Scale Attack
  • Appendix A: A real-world scenario introduction to IBM QRadar SIEM
  • Appendix B: IBM QRadar architecture


FAQs

What do I need to bring with me to my public class?

All required learning materials and equipment are provided in the classroom.

When do public training course fees have to be paid?

For public training classes payment must be received no later than three business days prior to the first day of class in order to remain in the class and confirm your seat. Failure to provide payment by this date may result in removal from the class, and/or late cancellation fees applied. You can submit payment in the form of a Purchase Order or credit card.

On-site (private) Course Pricing:

To find out more about On-site training e-mail us at enablement@agilesolutions.co.uk or call one of our offices.

What is the cancellation policy?

Requests for cancellations or date transfers need to be received at least ten (10) business days prior to the event start date in order to receive a full refund. If a cancellation or reschedule request is received less than ten (10) business days before the start date, the penalty of 100% of the cost of the course will be applied, resulting in no amount of the fee being refunded. Refunds will not be allowed for “no-shows” in our public training or IVA courses. This cancellation policy is strictly enforced.

What happens if Agile Solutions needs to cancel or reschedule a course?

Agile Solutions reserves the right to cancel events for any reason at any time. Cancellation liability for Agile Solutions, if Agile Solutions cancels the course, is limited to the return of course payment ONLY. Agile Solutions will not reimburse registrants for any other costs including but not limited to any travel cancellation fees or penalties, including airfare and hotel costs. PLEASE NOTE: If your registration status is either “Approved”, or “Pending Payment” you have not been confirmed for the class and it is recommended that you do not make any travel arrangements until you have received a confirmation e-mail letting you know the class and registration is confirmed.

How will I know if my course has been rescheduled?

Agile Solutions reserves the right to reschedule or cancel a course due to low enrollment or if necessitated by other circumstances. Agile Solutions will contact you via e-mail or phone to inform you of the change of schedule. Once you have been notified you may reschedule or receive a full credit. Agile Solutions shall not be liable for any other costs including but not limited to any non-refundable travel arrangements if a course is rescheduled or cancelled.