IBM QRadar SIEM – A Step-by-Step BootCamp

IBM QRadar SIEM – A Step-by-Step BootCamp: tackle cyber threats in real time by using powerful, scalable, and efficient SIEM security software.

Do you want to enter the SIEM field? Do you want to learn one of the leading SIEM technologies?

Do you want to understand the concepts and gain hands-on experience with IBM QRadar SIEM?

Then this course is designed for you. Through baby steps, you will learn IBM QRadar SIEM.

Important topics that you will learn about in this course include, but are not limited to, the following:

– QRadar architecture

– QRadar components

– All-In-One installation

– Console GUI demystified, QRadar Services and Replay Events & Flows

– Offense, Event, Flow investigation

– Describe the use of the magnitude of an offense

– Offense management (retention, chaining, protection)

– Identify events not correctly parsed and their source

– Customized searches

– Log Integration and DSM Development

– Rules and Building Block Design

– AQL queries

– Custom properties

– WinCollect

– X-Force App Exchange, Content Packs and Pulse Installation and Troubleshooting

– QRadar Assistant App

– Install QRadar Content Packs using the QRadar Assistant App

– Reference Data Types and Management

– Analyze Building Blocks: host definition, category definition, port definition

– Tuning building blocks and Tuning Methodology

– Use Case Manager app, MITRE threat groups and actors

– Dashboarding and Reporting

– Clean SIM Model

– Attack Simulation and Sysmon Process Profiling

– Rule Routing options, Rule Routing combination options and License Giveback

– Backup and restore

– Ingesting QRadar offenses into FortiSOAR

– Custom Integration with FortiGate Firewall to Block User’s PC from Accessing the Internet

– Postman – An API Call Development Methodology
