Course info
Level: Intermediate
Updated: May 29, 2018
Duration: 3h 10m

Description

IBM Security QRadar is a leader in SIEM solutions according to the 2016 Magic Quadrant. In this course, SIEM Administration with QRadar, you will explore QRadar’s main features from a SIEM administrator perspective. First, you will learn the QRadar components and architecture. Next, you will explore administrative items in the QRadar tool, from user management to rule creation. Finally, you'll dive into troubleshooting techniques, which will help you in your daily SIEM admin challenges. When you're finished with this course, you will have the skills and knowledge to administer a QRadar environment. This course covers the objectives of the IBM Security QRadar SIEM V7.2.8 Fundamental Administration exam (Exam C2150-624) which is required to achieve both the IBM Certified Associate Administrator - Security QRadar SIEM V7.2.8 certification and the IBM Certified SOC Analyst - Security QRadar SIEM V7.2.8 certification.

About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

More from the author
Planning, Deploying, and Maintaining QRadar (Intermediate, 2h 50m, 20 Sep 2018)
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Ricardo, and welcome to my course, SIEM Administration with QRadar. I'm a cybersecurity consultant with years of experience in IBM QRadar, and I'll be showing you everything you need to know for your role as a SIEM administrator. So, if you're starting your role as a SOC administrator or if you're looking to expand your knowledge in the IBM QRadar SIEM solution, this course is for you. In this course, we are going to cover the IBM QRadar SIEM from an admin perspective. So, we start by talking about the architecture and the basic concepts of QRadar so you can have a holistic view of the tool and then see all the inner workings of the SIEM solution. Then we cover how to plan, install, and upgrade your QRadar. Since you'll be responsible for the environment, it's very important for you as a SOC admin to know how to keep your environment up to date. Next, we go to one of the most important parts of this course, in which you'll learn how to perform the main daily tasks of a SIEM admin, including managing the users and the user profiles, configuring log sources, managing reference sets, and much more. Then you'll also learn how to tune and optimize QRadar, which includes the creation of rules, creation of custom reports, creation of custom properties, and much more. And in the last part of this course, you'll learn some techniques for troubleshooting in QRadar. In my opinion, this ability to quickly identify and solve problems is what differentiates a person that knows QRadar from a real QRadar specialist. So, by the end of this course you'll be fluent in QRadar from an admin perspective. But before beginning this course, you should have a basic understanding of QRadar. Keep in mind that this is an intermediate course on the SIEM solution and it is a continuation of my previous course called Incident Detection and Investigation with QRadar. So, I do recommend checking it out so you can have a better understanding of this course.
Also, if you're planning on taking the IBM QRadar Fundamental Administration Certification, you're in the right place. This course covers the certification outline and gives you a good base for the test. So, I hope you join me on this journey to learn about IBM QRadar, with my SIEM Administration with QRadar course, here at Pluralsight.

Planning, Sizing, and Estimations
Welcome back to our QRadar Administration course. In this module, you'll be learning about planning, sizing, and estimations. But you may be wondering, why do I, as an administrator, have to know about sizing, planning, and estimations? Isn't this a job for an engineer? So, think about this scenario. You're responsible for administering the SOC, and then you start to notice a lot of errors due to lack of memory. As a SOC admin, you need to understand which components are running out of resources, and you also need to be able to suggest and plan expansion of the environment based on the things you see in your daily job. So let's take a look at what I'll be covering in this module. We'll start by talking about sizing and estimations, where we first introduce some key terminology that is used in QRadar, and then move to the estimations themselves. We'll also talk about compliance requirements and the QRadar appliances. Then, we move to the planning and designing phase, where we discuss what high availability and disaster recovery are. We'll also cover licensing and backups. And in the last section of this module, you'll learn how to do a basic QRadar installation on both appliances and virtual machines. This section also includes a demo where we will go step by step through a QRadar installation. If you're interested in the details of installation and planning, you should check our upcoming QRadar Engineer course, but for now, in this module, you'll learn everything you need to know about planning and sizing from a SOC admin perspective.

Troubleshooting
Welcome to the last module of our SIEM Administration course. I hope you are enjoying the journey so far. In this module, we'll be talking about troubleshooting. This module is all about knowing how to quickly solve issues. In a perfect world, our systems would work perfectly and nothing would break. But we all know this is utopia. What differentiates a real QRadar professional from the rest is the ability to quickly identify the causes of a problem and fix the system in a timely manner. Having the knowledge from this module can turn days of system downtime into only a few minutes if you know where to look for the information. So, let's see what we'll be learning in this module. We'll start by discussing some basic troubleshooting, such as performance troubleshooting and log collection troubleshooting. And believe me, 90% of the issues will be related to those 2 topics, so pay extra attention to them. We'll also cover in this section the IBM support channels in case you need to contact the vendor for more specialized support. Then, in the following section, we'll discuss more complex troubleshooting, in which you need to search and analyze the QRadar logs and error messages. In that section, we cover the main error messages on the dashboard, the QRadar logs, and some useful Linux commands that will help you to quickly find things in the logs. Also, you'll see a demo showing you how to monitor the QRadar logs. And as this is the last module of the course, in the last section we have a course closure in which we discuss some certification tips in case you are taking the IBM certification, and what's next for you in terms of your career as a SIEM specialist.