IBM QRadar Incident Detection and Response


Author: Ricardo Reimao

The role of Security Operations Center (SOC) Analyst requires more than simply mastering a SIEM technology. To be a highly skilled professional you must understand the most...

What you will learn:

The requisite knowledge for a Security Operations Center (SOC) Analyst in an IBM QRadar environment, including:

  • How the IBM QRadar SIEM works and how it can be used in the incident process and lifecycle
  • How to investigate the most prevalent security incident types
  • How to leverage IBM QRadar security reports and real-time security dashboards
  • Proactive incident investigation with IBM QRadar apps
  • How to monitor user behavior with the IBM QRadar UBA app
  • How to manage vulnerabilities with IBM QRadar
  • How to investigate vulnerability-related incidents with IBM QRadar
  • How to manage IBM QRadar system health

Pre-requisites

  • Understanding of fundamental networking concepts
  • Basic understanding of the most prevalent security incident types

Intermediate

In this course you will learn more advanced incident investigation techniques and how you can leverage the IBM QRadar apps.

Incident Detection and Investigation with QRadar Apps

by Ricardo Reimao

Mar 8, 2019 / 1h 54m

Description

One of the major features introduced in QRadar is the ability to install apps, which expand the SIEM's features and help with incident investigation. In this course, Incident Detection and Investigation with QRadar Apps, you will learn about the most interesting QRadar apps for a SOC analyst. First, you will learn how to create interactive dashboards with the Pulse app. Next, you will learn about the use of artificial intelligence for incident investigation using the QRadar Advisor with Watson app. Finally, you will explore how to detect internal threats using the User Behavior Analytics (UBA) app. You will also explore other interesting apps that will help you monitor QRadar system health. The course is filled with demos showing the QRadar apps being used in several incident investigations, such as malware outbreaks, rogue employees, internal threats, and compromised accounts. When you're finished with this course, you will have the skills and knowledge of the main QRadar apps needed to improve your incident investigation game.

Table of contents
  1. Course Overview
  2. The QRadar App Framework
  3. Creating Interactive Dashboards
  4. Becoming a QRadar Guru with the Assistant App
  5. Incident Investigation with Artificial Intelligence
  6. Detecting Internal Threats with User Behavior Analytics (UBA)
  7. Monitoring the QRadar Activities
  8. Managing System Health

Advanced

In this course you will learn how to deploy a proper vulnerability management program using IBM QRadar Vulnerability Management (QVM).

Vulnerability Management with QRadar

by Ricardo Reimao

May 23, 2019 / 1h 33m

Description

One of the main advantages of using QRadar is its variety of features in a single solution. In this course, Vulnerability Management with QRadar, you'll learn how to use the tool to detect vulnerabilities in your environment and correlate them with other information in your SIEM, such as events and flows. First, you'll learn how to identify the scope of a scan and how to work with the stakeholders to properly schedule a scan. Next, you'll be shown how to configure the scans in the tool and how to run them. Then, you'll explore the process of creating a vulnerability remediation plan, in which you'll prioritize the vulnerabilities according to your company's needs. Finally, you'll discover how to investigate critical vulnerabilities and how to identify signs of exploitation. When you're finished with this course, you'll have the skills and knowledge of QVM needed to implement and run a vulnerability management program in your IBM QRadar environment.

Table of contents
  1. Course Overview
  2. Planning and Identifying Targets
  3. Configuring and Running Scans
  4. Analyzing the Results and Reporting
  5. Remediating Vulnerabilities
  6. Vulnerabilities Investigation