IBM Security QRadar SIEM Advanced Topics

IBM Security QRadar SIEM Advanced Topics

This is an advanced course for the QRadar Analyst and Administrator and is a follow-on to BQ103G.

This course uses the IBM QRadar SIEM 7.3 platform for lab exercises.

Objetivos

The course objctives are:

Create custom log sources to utilize events from uncommon sources
Create, maintain, and use reference data collections
Develop and manage custom rules to detect unusual activity in your network
Develop and manage custom action scripts to for automated rule reponse
Develop and manage anomoly detection rules to detect when unusual network traffic patterns occur

Ciberseguridad

Disponible en formato e-learning

Disponible en formato presencial

Disponible en formato a distancia

Acceso al campus

Subvención disponible
A través de Fundae, cumpliendo requisitos.

Duración
10 horas

  • Dificultad 50% 50%
  • Nivel alcanzado 80% 80%

Dirigido a

This course is useful for Security administrators, Security technical architects, Offense managers, Professional services using QRadar SIEM, QRadar SIEM administrators.

Conocimientos requeridos

Before this course, you should be familiar with:

IT infrastructure
IT security fundamentals
Linux
Microsoft Windows
TCP/IP networking
Log files and events
Network flows
You should also have completed the IBM QRadar SIEM Foundations course.

Temario

In this course, you will see:

Module 1: Creating log source types
Module 2: Leveraging reference data collections
Module 3: Developing custom rules
Module 4: Creating Custom Action Scripts
Module 5: Developing Anomaly Detection Rules

Solicita información del curso