IBM Qradar Course Details

Module 1: Introduction to SIEM

  • Why Do We Need SIEM?
  • What is SIEM?
  • Security Information Management (SIM)
  • Security Event Management (SEM)
  • SIEM Guidelines and Architecture
  • SIEM Capabilities: Aggregation, Correlation, Reporting, Storage, Alerts, etc.
  • SIEM and Automation

Module 2: Introduction to Qradar

  • IBM QRadar SIEM Component Architecture and Data Flows
  • Using the QRadar SIEM User Interface

Module 3: Working with logs

  • Adding Sample logs to QRadar
  • Working with Offense Triggered by Events
  • Working with Offense Triggered by Flows
  • Working with Events of an Offense

Module 4: Monitoring with QRadar

  • Monitor QRadar Notifications and error messages
  • Monitor QRadar Performance with QDI
  • Review and Interpret System Monitoring Dashboards
  • Investigate Suspected Attacks and Policy Breaches
  • Search, Filter, Group, and Analyze Security Data

Module 5: Investigating with QRadar

  • Investigate the Vulnerabilities and Services of Assets
  • Investigate Events and Flows
  • Use Index Management
  • Index and Aggregated Data Management
  • AQL: Introduction to Aerial Query Language
  • Use AQL for Advanced Searches
  • Creating Alerts for Intrusions
  • Explain Error Messages and Notifications.
  • Analyze Real-World Scenarios
  • Creating Reports

Module 6: Advanced Operations with QRadar

  • Creating Custom Log Source Types
  • Leveraging Reference Data Collections
  • Developing Custom Rules
  • Deploying QRadar Apps for Advance Operations
EXAM OBJECTIVES (DOMAINS)PERCENTAGE OF EXAMINATION
System Configuration20%
Performance Optimization13%
Data Source Configuration14%
Accuracy Tuning10%
User Management6%
Reporting, Searching, and Offense Management13%
Tenants and Domains8%
Troubleshooting16%

TOTAL: 100%