Incident Detection and Investigation with QRadar Apps

This course will teach you about the main QRadar apps and how you can improve your incident investigation with them. You learn not only the technical aspect of each app, but also the investigation step-by-step of the main incident types using apps.
Course info: Level Intermediate; Updated Mar 8, 2019; Duration 1h 54m
Description

One of the major features introduced in QRadar is the ability to install apps, which expand the SIEM's features and help with incident investigation. In this course, Incident Detection and Investigation with QRadar Apps, you will learn about the most interesting QRadar apps for a SOC analyst. First, you will learn how to create interactive dashboards with the Pulse app. Next, you will discover how artificial intelligence can be used for incident investigation with the QRadar Advisor with Watson app. Finally, you will explore how to detect internal threats using the User Behavior Analytics (UBA) app. You will also explore other useful apps that help you monitor QRadar system health. The course is filled with demos showing the QRadar apps being used in several incident investigations, such as malware outbreaks, rogue employees, internal threats, and compromised accounts. When you're finished with this course, you will have the skills and knowledge of the main QRadar apps needed to improve your incident investigation game.

About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

More from the author: Vulnerability Management with QRadar (Intermediate, 1h 33m, May 23, 2019)
Section Introduction Transcripts

Course Overview
Hello everyone. My name is Ricardo, and welcome to my course, Incident Detection and Investigation with QRadar Apps. I'm a cybersecurity consultant with years of experience in QRadar and incident investigation, and I'll be showing you the most interesting QRadar apps that'll improve your incident investigation skills. Be ready to learn about the latest QRadar apps that IBM offers, including the IBM Pulse dashboard and the User Behavior Analytics apps. In my opinion, the interesting part of this course is that you'll learn not only how to use the apps, but also how to investigate incidents with them. For example, maybe you know how to investigate a malware outbreak, but did you know that you can use artificial intelligence to automate this investigation? Or, did you know that you can use machine learning to predict future employee behavior and prevent an incident? Well, now you know that with the QRadar apps, those things are possible. Also, as this is a hands-on course, you'll be exposed to a lot of demos showing the main incident types and how the apps can help you in your investigation. By the end of this course, you'll be able to understand how the QRadar Apps Framework works, create interactive dashboards, automate part of the incident investigation with the help of artificial intelligence, investigate internal threats with the use of the User Behavior Analytics app, and monitor QRadar activities and troubleshoot performance issues. Keep in mind that this course is an intermediate course, so it is expected that you have some base knowledge of QRadar. If it's your first time with the tool, I do recommend checking my previous course, called Incident Detection and Investigation with IBM QRadar, which you can find here, at Pluralsight. Also, as this is a hands-on course, I do recommend having a QRadar environment in which you can test the concepts with your own hands, so you can get the most out of this course.
So, I hope you join me in this journey to learn about the latest QRadar apps, here, at Pluralsight.