What you will learn:
The requisite knowledge for a Security Operations Center (SOC) Analyst in an IBM QRadar environment, including:
- How the IBM QRadar SIEM works and how it can be used in the incident process and lifecycle
- How to investigate the most prevalent security incident types
- How to leverage IBM QRadar security reports and real-time security dashboards
- Proactive incident investigation with IBM QRadar apps
- How to monitor user behavior with the IBM QRadar UBA app
- How to manage vulnerabilities with IBM QRadar
- How to investigate vulnerability-related incidents with IBM QRadar
- How to manage IBM QRadar system health
- Understanding of fundamental networking concepts
- Basic understanding of the most prevalent security incident types
In this course you will learn more advanced incident investigation techniques and how you can leverage the IBM QRadar apps.
One of the major features introduced in QRadar is the ability to install apps, which expands the SIEM features and helps with incident investigation. In this course, Incident Detection and Investigation with QRadar Apps, you will learn about the most interesting QRadar apps for a SOC analyst. First, you will learn how to create interactive dashboards with the Pulse app. Next, you will discover the use of artificial intelligence for incident investigation using the QRadar Advisor with Watson app. Finally, you will explore how to detect internal threats using the User Behaviour Analytics (UBA) app. You will also explore other interesting apps that will help you to monitor QRadar system health. The course is filled with demos showing the QRadar apps being used in several incident investigations, such as malware outbreaks, rogue employees, internal threats, and compromised accounts. When you're finished with this course, you will have the skills and knowledge of the main QRadar apps needed to improve your incident investigation game.
Table of contents
- Course Overview
- The QRadar App Framework
- Creating Interactive Dashboards
- Becoming a QRadar Guru with the Assistant App
- Incident Investigation with Artificial Intelligence
- Detecting Internal Threats with User Behavior Analytics (UBA)
- Monitoring the QRadar Activities
- Managing System Health
In this course you will learn how to deploy a proper vulnerability management program using IBM QRadar Vulnerability Management (QVM).
One of the main advantages of using QRadar is its variety of features in a single solution. In this course, Vulnerability Management with QRadar, you'll learn how to use the tool to detect vulnerabilities in your environment and correlate them with other information in your SIEM, such as events and flows. First, you'll learn how to identify the scope of a scan and how to work with the stakeholders to properly schedule a scan. Next, you'll be shown how to configure the scans on the tool and how to run them. Then, you'll explore the process of creating a vulnerability remediation plan, in which you'll prioritize the vulnerabilities according to your company's needs. Finally, you'll discover how to investigate critical vulnerabilities and how to identify signs of exploitation. When you're finished with this course, you'll have the skills and knowledge of QVM needed to implement and run a vulnerability management program in your IBM QRadar environment.
Table of contents
- Course Overview
- Planning and Identifying Targets
- Configuring and Running Scans
- Analyzing the Results and Reporting
- Remediating Vulnerabilities
- Vulnerabilities Investigation