Course info
Sep 26, 2019
3h 34m

IBM Security QRadar is a leader in SIEM solutions according to the 2016 Gartner Magic Quadrant. In this course, Incident Detection and Investigation with QRadar, you will explore QRadar's main features from a SOC analyst's perspective. First, you will explore what a SIEM is and how QRadar provides more functions than a regular SIEM. Next, you will walk through all relevant functionality provided by the tool and some extra functions, such as Risk Manager and Vulnerability Manager. Finally, with the SIEM basics covered, you will dive into incident investigation using QRadar, where you will learn about events, flows, and offenses. When you've completed this course, you'll understand how to investigate the most common cyber threats using QRadar. This course covers the objectives of the "IBM QRadar SIEM V7.3.2 Fundamental Analysis" exam (Exam C1000-018), which is required to achieve the "IBM Certified Associate Analyst - IBM QRadar SIEM V7.3.2" certification.

About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures, and Network Security.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Ricardo, and welcome to Incident Detection and Investigation with QRadar. I'm a cybersecurity consultant with years of experience in IBM QRadar and incident investigation, and I'll be showing you pretty much everything you need to know for your role as a SOC analyst in a QRadar environment. In my opinion, the interesting thing about this course is that it will cover not only the technology itself, but also this same knowledge that a SOC analyst should have on an incident investigation. For example, in the case of a ransomware outbreak, would you know which logs you should look at to identify the origin of the infection? Or, would you know which devices could provide you with information for the investigation? That's the difference between knowing only the QRadar tool, and knowing the tool plus the investigation knowledge. We start this course by giving an overview of QRadar and discussing the basic concepts related to the tool, such as data collection and the QRadar architecture. Then, we cover the incident investigation process, and how to investigate incidents in QRadar, and then we close the course by discussing reports and dashboards. This course contains a lot of demos, and you should be able to see each concept being applied in real-life scenarios; and by the end of this course, you'll be able to understand the incident investigation process, understand the QRadar architecture and inner workings, perform event and flow searches, investigate offenses, customize reports and, as mentioned before, you'll be able to understand the main security traps and how they can be investigated. Also, if you're planning to take the IBM QRadar fundamental analysis certification, you're in the right place. The content of this course is based on the certification requirements. So, I hope you join me in this journey to learn about Incident Detection and Investigation with QRadar, here, at Pluralsight.