We may earn an affiliate commission when you visit our partners.
Daniel Koifman
Hello everyone.
My name is Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar, CASP+ Certified.
Read more
Hello everyone.
My name is Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar, CASP+ Certified.
Read more
Hello everyone.
My name is Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar, CASP+ Certified.
In this course, I will be showing you all of the most important subjects you need to know in order to be a skilled QRadar administrator, in addition to various real-world scenarios and best practices.
The course is divided into the following 15 sections:
Introduction & Installation
QRadar overview
Rules
Working with Reference Data
QRadar Administration - System Configuration
QRadar Administration - Performance Optimization
QRadar Administration - Data Source Configuration
QRadar Administration - Accuracy Tuning
QRadar Administration - User Management
QRadar Administration - Reporting, Searching & Offense Management
QRadar Administration - Tenants and Domains
QRadar Administration - Troubleshooting
Working with the QRadar Console
Working with the API
Practical Use Cases for New/Existing Deployments
Each section was carefully designed based on all of my experience working as a Senior Threat Detection engineer for fortune-500 and for MSSPs. This is the ONLY course with a detailed, in-depth practical use cases section, which will show you common problems that administrators are facing throughout the world. I developed this section based on my endless hours of trial & error and independent research, so I hope all of you can learn very useful things in the course, regardless of skill level.
Register for this course and see more details by visiting:
OpenCourser.com/course/m91yd8/modern
14 deals to help you save
We found 14 deals and offers that may be relevant to this course.
Save money when you learn.
All coupon codes, vouchers, and discounts are applied automatically unless otherwise noted.
Use code at checkout.
Valid until December 3
Cyber Monday
Develop career-changing skills with these steeply discounted courses.
Up to
85%
off
BFCMSALE24
Use code at checkout.
Only 16 hours left!
Black Friday
Develop career-changing skills with these steeply discounted courses.
Up to
85%
off
BFCMSALE24
Use code at checkout.
Valid until December 1
For new customers
Save when you purchase top courses. For new customers only.
Special Offer
UDEAFNULP2024
Valid for a limited time only
Future-proof your career
Access O'Reilly books, live events, courses, and more. Save with an annual subscription.
Take
15%
off
What's inside
Learning objectives
- Administer ibm's qradar siem
- Create rules and detections based on different telemetry sources
- Troubleshoot various technical issues
- Understand qradar core services and functions
- Administer ibm's qradar siem
- Create rules and detections based on different telemetry sources
- Troubleshoot various technical issues
- Understand qradar core services and functions
Syllabus
Introduction to SIEM, QRadar, and the installation & log ingestion process.
A quick word from me to you
Introduction & About the instructor
Read more
Syllabus
Introduction to SIEM, QRadar, and the installation & log ingestion process.
A quick word from me to you
Introduction & About the instructor
Read more
Quick note about external resources - Important!
Introduction to SIEM
Introduction to QRadar
Please read this BEFORE installing QRadar!
Installing QRadar
Ingesting events from a Windows machine
Ingesting events from PfSense firewall
Navigate the user interface, perform basic searching, and understand QRadar core services
User Interface
Log Activity basic searching
QRadar Services
Understand QRadar rules, creating rules, troubleshooting and optimizing rules, create practical detections
Requirements for upcoming application installations
Use Case Manager, Rules and Building Blocks
Using AQL inside rules
Troubleshooting rules
Optimizing rules
Identifying expensive rules
Practical Example #1 - SIGMA rules
Practical Example #2 - Firewall rules
Practical Example #3 - Translating Threat Reports to Rules
Learn about the different types of reference data, reference data and rules integrations, using reference data from the default UI and the external application
Different types of Reference Data
Using Reference Data with the default user interface
Integrating Reference Data and Rules
Advice on dealing with massive amounts of Reference Data
Perform License Management, understanding managed hosts, custom email templates, network hierarchy, event retention, automatic updates, backup and recovery, installing and configuring applications
Managed hosts
Network hierarchy
Automatic updates
Event retention
Backup and recovery
Custom offense Email templates
Understand index management, search management, resource restrictions, routing rules
Index management
Configuring resource restrictions
Routing Rules
Understanding XPath queries, Log source management, event coalescing, log source groups, exporting event data, DSMs, custom event properties
XPath queries
Log source management
Event coalescing
Log source groups
Exporting event data
Custom log source types (DSM) / Event Mappings
Custom AQL Properties
Custom event properties
Configure geo-IP and X-Force integration
Configuring MaxMind GeoIP
Verifying GeoIP Changes
Configuring X-Force Integration
Performing user management
Managing users
User roles
Security profiles
Managing user authentication & authorization
Manage reports, utilizing different search types, managing offenses, sharing content among users
Managing reports
Utilizing different search types
Managing offenses
Sharing content among users
Understand and manage domains and tenants
Differentiating between network hierarchy and domain definition
Managing domains and tenants
Monitoring license usage
Assigning users to tenants
Troubleshoot various types of technical issues within the deployment and within applications, perform health checks
Responding to and dealing with system notifications
Troubleshooting common issues
Troubleshooting applications
Troubleshoot service performance
Understand the interactions between the the UI and the console, QRadar file system, troubleshooting services, solving common technical issues
Connecting to the Console
QRadar filesystem
Running AQL inside the Console
Troubleshooting services
Troubleshooting events rate and connectivity
Performing a manual deploy
Reverting SSL certificate to locally signed
Deleting a rule directly from the console
Useful Console commands list
Understanding and working with QRadar API
QRadar API basics
Example - Python script with QRadar API
Learn from various real-world QRadar administration scenarios
Alerting on non-reporting log sources
Alerting on non-reporting domains
Alerting on disabled custom properties
Alerting on disk usage exceeded warning/maximum threshold
Alerting on events dropped
DSM "Failed to load data" error
Creating useful dashboards with Pulse
Working with Threat Intelligence
Working with QRadar Deployment Intelligence
Mandatory steps after upgrading Console CPU
Logs are being truncated / split
Section Notes
Notes about updating applications
Good to know
Good to know
Know what's good ,
what to watch for , and
possible dealbreakers
Focuses on IBM's QRadar SIEM, a widely used security information and event management (SIEM) solution in the industry
Taught by Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar and CASP+ Certified, ensuring the credibility and expertise of the instruction
Provides a comprehensive overview of QRadar, encompassing key concepts, administration, and real-world use cases
Emphasizes practical applications through detailed, in-depth use cases, addressing common challenges faced by administrators
Covers a wide range of QRadar administration topics, including system configuration, performance optimization, and troubleshooting
Includes sections on working with the QRadar Console and API, providing learners with hands-on experience with QRadar's technical aspects
Save this course
Save Modern IBM QRadar 7.5 SIEM Administration to your list so you can find it easily later:
Save
Save
Activities
Be better prepared
before
your course. Deepen your understanding
during
and
after
it. Supplement your coursework and achieve mastery of the topics covered
in Modern IBM QRadar 7.5 SIEM Administration with these
activities:
Review QRadar documentation and course materials
Show steps
Familiarize with course content and QRadar documentation, establishing a strong foundation for learning.
Browse courses on
SIEM
Show steps
-
Review the course syllabus and identify key concepts
-
Read through the QRadar documentation to supplement understanding
Organize Course Materials
Show steps
Enhance organization and retention by compiling and reviewing course materials to improve understanding and recall.
Show steps
-
Gather and organize lecture notes, handouts, and assignments
-
Review and summarize key concepts from each module
-
Create a study guide or cheat sheet for quick reference
Review Data Analysis Techniques
Show steps
Strengthen fundamental data analysis skills to enhance understanding and interpretation of QRadar data.
Browse courses on
Data Analysis
Show steps
-
Review concepts of data collection, processing, and visualization
-
Practice using statistical and analytical tools for data interpretation
-
Identify and address common challenges in data analysis
Four other activities
Expand to see all activities and additional details
Show all seven activities
QRadar Console Hands-on Session
Show steps
Enhance practical skills by participating in hands-on peer sessions focused on navigating and troubleshooting within the QRadar console.
Show steps
-
Connect with peers and form a study group
-
Set up a test environment for QRadar
-
Work together to explore the console, perform searches, and troubleshoot issues
Configure QRadar event sources
Show steps
Develop hands-on experience in configuring event sources, ensuring efficient event ingestion and analysis.
Browse courses on
SIEM
Show steps
-
Set up a test environment with QRadar and various event sources
-
Configure event sources for different log types (e.g., syslog, Windows event logs)
-
Test event ingestion and verify successful data collection
Attend QRadar user group meetings or webinars
Show steps
Connect with other QRadar users and experts, gaining valuable insights and practical knowledge.
Browse courses on
SIEM
Show steps
-
Identify relevant QRadar user groups or webinars
-
Attend meetings or webinars to listen to presentations and engage in discussions
Create and customize QRadar rules
Show steps
Build practical skills in creating and customizing QRadar rules, enabling effective threat detection and incident response.
Show steps
-
Follow online tutorials or documentation to understand rule syntax and structure
-
Create basic rules based on predefined templates
-
Customize rules to address specific security requirements
-
Test and refine rules to optimize detection capabilities
Review QRadar documentation and course materials
Show steps
Familiarize with course content and QRadar documentation, establishing a strong foundation for learning.
Browse courses on
SIEM
Show steps
Show steps
Show steps
- Review the course syllabus and identify key concepts
- Read through the QRadar documentation to supplement understanding
Organize Course Materials
Show steps
Enhance organization and retention by compiling and reviewing course materials to improve understanding and recall.
Show steps
Show steps
Show steps
- Gather and organize lecture notes, handouts, and assignments
- Review and summarize key concepts from each module
- Create a study guide or cheat sheet for quick reference
Review Data Analysis Techniques
Show steps
Strengthen fundamental data analysis skills to enhance understanding and interpretation of QRadar data.
Browse courses on
Data Analysis
Show steps
Show steps
Show steps
- Review concepts of data collection, processing, and visualization
- Practice using statistical and analytical tools for data interpretation
- Identify and address common challenges in data analysis
Four other activities
Expand to see all activities and additional details
Show all seven activities
QRadar Console Hands-on Session
Show steps
Enhance practical skills by participating in hands-on peer sessions focused on navigating and troubleshooting within the QRadar console.
Show steps
Show steps
Show steps
- Connect with peers and form a study group
- Set up a test environment for QRadar
- Work together to explore the console, perform searches, and troubleshoot issues
Configure QRadar event sources
Show steps
Develop hands-on experience in configuring event sources, ensuring efficient event ingestion and analysis.
Browse courses on
SIEM
Show steps
Show steps
Show steps
- Set up a test environment with QRadar and various event sources
- Configure event sources for different log types (e.g., syslog, Windows event logs)
- Test event ingestion and verify successful data collection
Attend QRadar user group meetings or webinars
Show steps
Connect with other QRadar users and experts, gaining valuable insights and practical knowledge.
Browse courses on
SIEM
Show steps
Show steps
Show steps
- Identify relevant QRadar user groups or webinars
- Attend meetings or webinars to listen to presentations and engage in discussions
Create and customize QRadar rules
Show steps
Build practical skills in creating and customizing QRadar rules, enabling effective threat detection and incident response.
Show steps
Show steps
Show steps
- Follow online tutorials or documentation to understand rule syntax and structure
- Create basic rules based on predefined templates
- Customize rules to address specific security requirements
- Test and refine rules to optimize detection capabilities
Career center
Learners who complete Modern IBM QRadar 7.5 SIEM Administration will develop knowledge and skills
that may be useful to these careers:
Cybersecurity Analyst
Cybersecurity Analyst
Cybersecurity Analysts investigate and respond to cybersecurity incidents. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Chief Information Security Officer (CISO)
Chief Information Security Officer (CISO)
CISOs are responsible for the overall security of an organization's information systems. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Information Security Analyst
Information Security Analyst
Information Security Analysts are responsible for protecting an organization's computer networks and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Incident Responder
Incident Responder
Incident Responders are responsible for investigating and responding to security incidents. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Security Analyst
Security Analyst
Security Analysts identify, assess, and mitigate security risks to an organization's computer networks and systems. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
IT Security Manager
IT Security Manager
IT Security Managers are responsible for developing and implementing security policies and procedures for an organization. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events across an organization.
Security Consultant
Security Consultant
Security Consultants help organizations to improve their security posture. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Vulnerability Analyst
Vulnerability Analyst
Vulnerability Analysts identify and assess security vulnerabilities in computer systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Security Engineer
Security Engineer
Security Engineers design, implement, and maintain security systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Penetration Tester
Penetration Tester
Penetration Testers assess the security of computer systems and networks by simulating attacks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Security Architect
Security Architect
Security Architects design and implement security systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Forensic Analyst
Forensic Analyst
Forensic Analysts investigate security incidents and collect evidence. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to collect and analyze security data.
Network Administrator
Network Administrator
Network Administrators are responsible for the day-to-day operation and maintenance of computer networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events on a network.
Systems Administrator
Systems Administrator
Systems Administrators are responsible for the day-to-day operation and maintenance of computer systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Compliance Auditor
Compliance Auditor
Compliance Auditors ensure that organizations are compliant with security regulations. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events and compliance.
For more career information including salaries, visit:
OpenCourser.com/course/m91yd8/modern
Reading list
We've selected six books
that we think will supplement your
learning. Use these to
develop background knowledge, enrich your coursework, and gain a
deeper understanding of the topics covered in
Modern IBM QRadar 7.5 SIEM Administration.
This work reference guide, and can help provide additional information about some of the more technical aspects of the course.
Save
While not directly related to the technology or skills that the course teaches, this work can provide valuable insights into why SIEM systems like QRadar are necessary.
Good reference for developing the skills that the course teaches.
Provides a comprehensive guide to incident response and computer forensics. It covers everything from the basics of incident response to advanced topics such as evidence collection and analysis.
This document provides guidance on how to implement a security incident handling program. It covers everything from planning and design to deployment and operation.
This guide can be a useful, detailed reference for the skills that the course covers.
For more information about how these books relate to this course, visit:
OpenCourser.com/course/m91yd8/modern
Share
Similar courses
Here are nine courses similar to
Modern IBM QRadar 7.5 SIEM Administration.
Becoming a Healthcare Administrator
OpenCourser.com/course/1bjztt/becoming
Becoming a Healthcare Administrator
Salesforce Certified Advanced Administrator - Part 1
OpenCourser.com/course/1hps2x/salesforce
Salesforce Certified Advanced Administrator - Part 1
Learn JIRA with real-world examples (+Confluence bonus)
OpenCourser.com/course/pp82gs/learn
Learn JIRA with real-world examples (+Confluence bonus)
Configuring SUSE Linux Enterprise
OpenCourser.com/course/h54eel/configuring
Configuring SUSE Linux Enterprise
SQL Tutorial: Learn SQL with MySQL Database - Updated (2024)
OpenCourser.com/course/m0u4s9/sql
SQL Tutorial: Learn SQL with MySQL Database - Updated...
Salesforce Certified Administrator Practice Tests - 3 Pack!
OpenCourser.com/course/fni9y0/salesforce
Salesforce Certified Administrator Practice Tests - 3...
The Complete Salesforce Certified Administrator Course + AI
OpenCourser.com/course/w4ykxu/2022
The Complete Salesforce Certified Administrator Course +...
Cooking With Xin
OpenCourser.com/course/4u9hqy/cooking
Cooking With Xin
IBM Security QRadar Functions and Capabilities
OpenCourser.com/course/90dyhv/ibm
IBM Security QRadar Functions and Capabilities
Effort
8 total hours
Via
Udemy
Instructor
Daniel Koifman
Language
English
Good to know
Focuses on IBM's QRadar SIEM, a widely used security information and event management (SIEM) solution in the industry
Taught by Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar and CASP+ Certified, ensuring the credibility and expertise of the instruction
Provides a comprehensive overview of QRadar, encompassing key concepts, administration, and real-world use cases
Emphasizes practical applications through detailed, in-depth use cases, addressing common challenges faced by administrators
Covers a wide range of QRadar administration topics, including system configuration, performance optimization, and troubleshooting
Includes sections on working with the QRadar Console and API, providing learners with hands-on experience with QRadar's technical aspects
Our mission
OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.
Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.
Find this site helpful? Tell a friend about us.
Affiliate disclosure
We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.
Your purchases help us maintain our catalog and keep our servers humming without ads.
Thank you for supporting OpenCourser.
© 2016 - 2024 OpenCourser