Új IBM QRadar SIEM Advanced Topics

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses.

The lab environment for this course uses the IBM QRadar SIEM 7.5 platform.

This course is designed for security administrators and security analysts. Please note this is an advanced course, the second part of the QRadar SIEM trainign series.

After completion the training students will be able to:

• using custom log sources, reference data collections and custom rules
• using X-Force data and the Threat Intelligence app with UBA and QRadar Advisor
• tuning and creating custom action scripts
• describing the integration with IBM SOAR.

• Unit 1: Custom log sources
• Unit 2: Reference data collections and custom rules
• Unit 3: IBM X-Force Threat Intelligence in QRadar
• Unit 4: User Behavior Analytics and Advisor with Watson
• Unit 5: Tuning
• Unit 6: Custom action scripts
• Unit 7: IBM SOAR integration

Students should have the following topics: completing IBM QRadar SIEM Foundations - BQ104G course or having equivalent knowledge