Daniel Koifman

Hello everyone.

My name is Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar, CASP+ Certified.

In this course, I will be showing you all of the most important subjects you need to know in order to be a skilled QRadar administrator, in addition to various real-world scenarios and best practices.

The course is divided into the following 15 sections:

  1. Introduction & Installation
  2. QRadar overview
  3. Rules
  4. Working with Reference Data
  5. QRadar Administration - System Configuration
  6. QRadar Administration - Performance Optimization
  7. QRadar Administration - Data Source Configuration
  8. QRadar Administration - Accuracy Tuning
  9. QRadar Administration - User Management
  10. QRadar Administration - Reporting, Searching & Offense Management
  11. QRadar Administration - Tenants and Domains
  12. QRadar Administration - Troubleshooting
  13. Working with the QRadar Console
  14. Working with the API
  15. Practical Use Cases for New/Existing Deployments

Each section was carefully designed based on all of my experience working as a Senior Threat Detection Engineer for Fortune 500 companies and for MSSPs. This is the ONLY course with a detailed, in-depth practical use cases section, which will show you common problems that administrators are facing throughout the world. I developed this section based on my endless hours of trial & error and independent research, so I hope all of you can learn very useful things in the course, regardless of skill level.

What's inside

Learning objectives

  • Administer IBM's QRadar SIEM
  • Create rules and detections based on different telemetry sources
  • Troubleshoot various technical issues
  • Understand QRadar core services and functions

Syllabus

Introduction to SIEM, QRadar, and the installation & log ingestion process.
  • A quick word from me to you
  • Introduction & About the instructor
  • Quick note about external resources - Important!
  • Introduction to SIEM
  • Introduction to QRadar
  • Please read this BEFORE installing QRadar!
  • Installing QRadar
  • Ingesting events from a Windows machine
  • Ingesting events from PfSense firewall

Navigate the user interface, perform basic searching, and understand QRadar core services.
  • User Interface
  • Log Activity basic searching
  • QRadar Services

Understand QRadar rules, create rules, troubleshoot and optimize rules, and create practical detections.
  • Requirements for upcoming application installations
  • Use Case Manager, Rules and Building Blocks
  • Using AQL inside rules
  • Troubleshooting rules
  • Optimizing rules
  • Identifying expensive rules
  • Practical Example #1 - SIGMA rules
  • Practical Example #2 - Firewall rules
  • Practical Example #3 - Translating Threat Reports to Rules

Learn about the different types of reference data, reference data and rules integrations, and using reference data from the default UI and the external application.
  • Different types of Reference Data
  • Using Reference Data with the default user interface
  • Integrating Reference Data and Rules
  • Advice on dealing with massive amounts of Reference Data

Perform license management and understand managed hosts, custom email templates, network hierarchy, event retention, automatic updates, backup and recovery, and installing and configuring applications.
  • Managed hosts
  • Network hierarchy
  • Automatic updates
  • Event retention
  • Backup and recovery
  • Custom offense Email templates

Understand index management, search management, resource restrictions, and routing rules.
  • Index management
  • Configuring resource restrictions
  • Routing Rules

Understand XPath queries, log source management, event coalescing, log source groups, exporting event data, DSMs, and custom event properties.
  • XPath queries
  • Log source management
  • Event coalescing
  • Log source groups
  • Exporting event data
  • Custom log source types (DSM) / Event Mappings
  • Custom AQL Properties
  • Custom event properties

Configure geo-IP and X-Force integration.
  • Configuring MaxMind GeoIP
  • Verifying GeoIP Changes
  • Configuring X-Force Integration

Perform user management.
  • Managing users
  • User roles
  • Security profiles
  • Managing user authentication & authorization

Manage reports, utilize different search types, manage offenses, and share content among users.
  • Managing reports
  • Utilizing different search types
  • Managing offenses
  • Sharing content among users

Understand and manage domains and tenants.
  • Differentiating between network hierarchy and domain definition
  • Managing domains and tenants
  • Monitoring license usage
  • Assigning users to tenants

Troubleshoot various types of technical issues within the deployment and within applications, and perform health checks.
  • Responding to and dealing with system notifications
  • Troubleshooting common issues
  • Troubleshooting applications
  • Troubleshooting service performance

Understand the interactions between the UI and the console, the QRadar file system, troubleshooting services, and solving common technical issues.
  • Connecting to the Console
  • QRadar filesystem
  • Running AQL inside the Console
  • Troubleshooting services
  • Troubleshooting event rate and connectivity
  • Performing a manual deploy
  • Reverting SSL certificate to locally signed
  • Deleting a rule directly from the console
  • Useful Console commands list

Understand and work with the QRadar API.
  • QRadar API basics
  • Example - Python script with QRadar API

Learn from various real-world QRadar administration scenarios.
  • Alerting on non-reporting log sources
  • Alerting on non-reporting domains
  • Alerting on disabled custom properties
  • Alerting on disk usage exceeded warning/maximum threshold
  • Alerting on events dropped
  • DSM "Failed to load data" error
  • Creating useful dashboards with Pulse
  • Working with Threat Intelligence
  • Working with QRadar Deployment Intelligence
  • Mandatory steps after upgrading Console CPU
  • Logs are being truncated / split
  • Section Notes
  • Notes about updating applications

Good to know

  • Focuses on IBM's QRadar SIEM, a widely used security information and event management (SIEM) solution in the industry
  • Taught by Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar and CASP+ Certified, ensuring the credibility and expertise of the instruction
  • Provides a comprehensive overview of QRadar, encompassing key concepts, administration, and real-world use cases
  • Emphasizes practical applications through detailed, in-depth use cases, addressing common challenges faced by administrators
  • Covers a wide range of QRadar administration topics, including system configuration, performance optimization, and troubleshooting
  • Includes sections on working with the QRadar Console and API, providing learners with hands-on experience with QRadar's technical aspects

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Modern IBM QRadar 7.5 SIEM Administration with these activities:
Review QRadar documentation and course materials
Familiarize with course content and QRadar documentation, establishing a strong foundation for learning.
  • Review the course syllabus and identify key concepts
  • Read through the QRadar documentation to supplement understanding
Organize Course Materials
Enhance organization and retention by compiling and reviewing course materials to improve understanding and recall.
  • Gather and organize lecture notes, handouts, and assignments
  • Review and summarize key concepts from each module
  • Create a study guide or cheat sheet for quick reference
Review Data Analysis Techniques
Strengthen fundamental data analysis skills to enhance understanding and interpretation of QRadar data.
  • Review concepts of data collection, processing, and visualization
  • Practice using statistical and analytical tools for data interpretation
  • Identify and address common challenges in data analysis
QRadar Console Hands-on Session
Enhance practical skills by participating in hands-on peer sessions focused on navigating and troubleshooting within the QRadar console.
  • Connect with peers and form a study group
  • Set up a test environment for QRadar
  • Work together to explore the console, perform searches, and troubleshoot issues
Configure QRadar event sources
Develop hands-on experience in configuring event sources, ensuring efficient event ingestion and analysis.
  • Set up a test environment with QRadar and various event sources
  • Configure event sources for different log types (e.g., syslog, Windows event logs)
  • Test event ingestion and verify successful data collection
Attend QRadar user group meetings or webinars
Connect with other QRadar users and experts, gaining valuable insights and practical knowledge.
  • Identify relevant QRadar user groups or webinars
  • Attend meetings or webinars to listen to presentations and engage in discussions
Create and customize QRadar rules
Build practical skills in creating and customizing QRadar rules, enabling effective threat detection and incident response.
  • Follow online tutorials or documentation to understand rule syntax and structure
  • Create basic rules based on predefined templates
  • Customize rules to address specific security requirements
  • Test and refine rules to optimize detection capabilities

Career center

Learners who complete Modern IBM QRadar 7.5 SIEM Administration will develop knowledge and skills that may be useful to these careers:
Cybersecurity Analyst
Cybersecurity Analysts investigate and respond to cybersecurity incidents. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Chief Information Security Officer (CISO)
CISOs are responsible for the overall security of an organization's information systems. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Information Security Analyst
Information Security Analysts are responsible for protecting an organization's computer networks and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Incident Responder
Incident Responders are responsible for investigating and responding to security incidents. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Security Analyst
Security Analysts identify, assess, and mitigate security risks to an organization's computer networks and systems. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
IT Security Manager
IT Security Managers are responsible for developing and implementing security policies and procedures for an organization. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events across an organization.
Security Consultant
Security Consultants help organizations to improve their security posture. This course can help you prepare for this role by providing you with a deep understanding of QRadar SIEM, one of the leading security information and event management (SIEM) tools used by organizations to detect and respond to security threats.
Vulnerability Analyst
Vulnerability Analysts identify and assess security vulnerabilities in computer systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Security Engineer
Security Engineers design, implement, and maintain security systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Penetration Tester
Penetration Testers assess the security of computer systems and networks by simulating attacks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Security Architect
Security Architects design and implement security systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Forensic Analyst
Forensic Analysts investigate security incidents and collect evidence. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to collect and analyze security data.
Network Administrator
Network Administrators are responsible for the day-to-day operation and maintenance of computer networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events on a network.
Systems Administrator
Systems Administrators are responsible for the day-to-day operation and maintenance of computer systems and networks. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events.
Compliance Auditor
Compliance Auditors ensure that organizations are compliant with security regulations. This course may be helpful for this role by providing you with a deep understanding of QRadar SIEM, a tool that can be used to monitor and manage security events and compliance.

Reading list

We've selected six books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Modern IBM QRadar 7.5 SIEM Administration.
While not directly related to the technology or skills that the course teaches, this work can provide valuable insights into why SIEM systems like QRadar are necessary.
Provides a comprehensive guide to incident response and computer forensics. It covers everything from the basics of incident response to advanced topics such as evidence collection and analysis.
This document provides guidance on how to implement a security incident handling program. It covers everything from planning and design to deployment and operation.

© 2016 - 2024 OpenCourser