Module 1: Introduction to SIEM
- Why Do We Need SIEM?
- What is SIEM?
- Security Information Management (SIM)
- Security Event Management (SEM)
- SIEM Guidelines and Architecture
- SIEM Capabilities: Aggregation, Correlation, Reporting, Storage, Alerts, etc.
- SIEM and Automation
Module 2: Introduction to QRadar
- IBM QRadar SIEM Component Architecture and Data Flows
- Using the QRadar SIEM User Interface
Module 3: Working with Logs
- Adding Sample Logs to QRadar
- Working with Offense Triggered by Events
- Working with Offense Triggered by Flows
- Working with Events of an Offense
Module 4: Monitoring with QRadar
- Monitor QRadar Notifications and Error Messages
- Monitor QRadar Performance with QDI
- Review and Interpret System Monitoring Dashboards
- Investigate Suspected Attacks and Policy Breaches
- Search, Filter, Group, and Analyze Security Data
Module 5: Investigating with QRadar
- Investigate the Vulnerabilities and Services of Assets
- Investigate Events and Flows
- Use Index Management
- Index and Aggregated Data Management
- AQL: Introduction to Ariel Query Language
- Use AQL for Advanced Searches
- Creating Alerts for Intrusions
- Explain Error Messages and Notifications
- Analyze Real-World Scenarios
- Creating Reports
Module 6: Advanced Operations with QRadar
- Creating Custom Log Source Types
- Leveraging Reference Data Collections
- Developing Custom Rules
- Deploying QRadar Apps for Advanced Operations
| Exam Objectives (Domains) | Percentage of Examination |
|---|---|
| System Configuration | 20% |
| Performance Optimization | 13% |
| Data Source Configuration | 14% |
| Accuracy Tuning | 10% |
| User Management | 6% |
| Reporting, Searching, and Offense Management | 13% |
| Tenants and Domains | 8% |
| Troubleshooting | 16% |