Planning, Deploying, and Maintaining QRadar

In this course, you will learn how to plan, deploy, and maintain an IBM QRadar environment. You'll not only discover the technical installation of the tool, but also how to gather requirements, design the architecture and create a deployment plan.
Course info
Level
Intermediate
Updated
Sep 20, 2018
Duration
2h 50m
Description

IBM QRadar is one of the top SIEM solutions according to the Gartner group. More and more companies are adopting this tool as their one-stop shop for security management due to its flexibility and ease of use. In this course, Planning, Deploying, and Maintaining QRadar, you'll learn not only the technical aspects of an IBM QRadar deployment, but also the documentation and project management aspects of the deployment. First, you'll explore how to gather client requirements. Next, you'll discover how to design the architecture. Finally, you'll learn how to create a deployment plan. These are the concepts that differentiate a person who knows how to install QRadar from a real QRadar specialist. In the course scenario, we look at the company Globomantics, which hired you to deploy a new QRadar installation in their environment. When you finish this course, you will be able to perform each step of a real-world IBM QRadar deployment project.

About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

More from the author
Vulnerability Management with QRadar
Intermediate
1h 32m
May 23, 2019
More courses by Ricardo Reimao
Section Introduction Transcripts

Course Overview
Hi everyone! My name is Ricardo, and welcome to my course, Planning, Deploying, and Maintaining QRadar. I'm a cybersecurity consultant with years' experience in IBM QRadar. And I'll be showing you everything you need to know for your role as a SIEM engineer. So, if you're planning to install a new QRadar environment, or if you're looking to expand your knowledge in the IBM QRadar solution, this course is for you. This course is not a simple tutorial of how to install QRadar. In here you'll learn how to deliver a high-quality project, meaning that you'll learn how to get requirements from your client, how to translate the client's requirements into a deployment plan, how to size and estimate your environment, how to install and configure QRadar, and, last but very important, how to deliver high-quality documentation. In my opinion, knowing how to understand your client's requirements, how to prepare a good deployment plan, and how to deliver good documentation is what differentiates a guy that knows QRadar from a real QRadar specialist. As this is an intermediate course, before beginning your learning journey, you should have a basic understanding of QRadar, as well as a basic understanding of Linux and networking. Also, keep in mind that this course is part of a series of QRadar courses here at Pluralsight. If you're totally new to QRadar, I do recommend you check them out. So, I hope you join me on this journey to learn about the IBM QRadar deployment with my Planning, Deploying, and Maintaining QRadar course here at Pluralsight.

Planning the SIEM Deployment
Hey, welcome back to our QRadar Planning and Deployment course. It is nice to see you back. In this module, we'll discuss how to create a proper deployment plan for a QRadar project. In my opinion, the requirements and planning phases are the most important parts of a QRadar project. It is what differentiates a person that knows how to install QRadar from a real QRadar engineer. And for that reason, we go through the whole planning process in this module. Planning a QRadar installation means translating the gathered requirements into a deployment plan. And this phase is where we look at what a client needs and translate that into tasks for our project. So to be able to understand how to translate from requirements to a plan, we will cover in this module the QRadar architecture types and the main components of a QRadar deployment. Also, we'll cover the QRadar appliances and virtual machines, and also the main collection protocols. And with this base knowledge, then we can jump into how to create an architecture diagram and how to create a project plan for a QRadar installation.

Configuring and Tuning
Hey there. It's nice to see you back. Welcome to the last module of our QRadar deployment course. Now that we already know how to deploy, install, and set up QRadar, it is time to learn how to configure it and tune the configuration. If you watched my previous QRadar Administration course, you may be familiar with some of those tasks. However, here we go into more detail on the QRadar configuration and tuning. So this module is all about customizing QRadar to fit your client's needs. I've seen a few QRadar projects where the engineers only installed QRadar and considered the project done. I think I don't even need to mention how unhappy the client was. Your job as an engineer is not only installing it but also configuring it to suit your client's needs. So in this way, the tool can bring value to the company. This module is filled with interesting demos in which you'll learn everything you need to know to configure QRadar. So let's take a moment and take a look at what we'll be learning in this module. First, we'll cover some basic initial configuration, which includes configuring system licenses, network topology, user roles, data retention policies, etc. Then we will go to the data source configuration, which includes configuring flow sources, log sources, and asset lists. Then as you want to deliver a high-quality project, we need to discuss the configuration documentation, which is an extension of the deployment document. And then as this is the last module of this course, we'll have a quick recap in our course closure section.