Modern IBM QRadar 7.5 SIEM Administration

Understand modern best practices that will make you a better SIEM administrator

Created by : Rated :4 945 views

Last Updated: 2023-10-11 07:10:36 English Course Type: Self Learning

QRadar Administration

Hello everyone!

My name is Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar, CASP+ Certified.

In this course, I will be showing you all of the most important subjects you need to know in order to be a skilled QRadar administrator, in addition to various real-world scenarios and best practices.

The course is divided into the following 15 sections:

Introduction & Installation
QRadar overview
Rules
Working with Reference Data
QRadar Administration - System Configuration
QRadar Administration - Performance Optimization
QRadar Administration - Data Source Configuration
QRadar Administration - Accuracy Tuning
QRadar Administration - User Management
QRadar Administration - Reporting, Searching & Offense Management
QRadar Administration - Tenants and Domains
QRadar Administration - Troubleshooting
Working with the QRadar Console
Working with the API
Practical Use Cases for New/Existing Deployments

Each section was carefully designed based on all of my experience working as a Senior Threat Detection engineer for fortune-500 and for MSSPs. This is the ONLY course with a detailed, in-depth practical use cases section, which will show you common problems that administrators are facing throughout the world. I developed this section based on my endless hours of trial & error and independent research, so I hope all of you can learn very useful things in the course, regardless of skill level!

Recommended basic knowledge of Computers, Networking, and Cyber Security.

SOC Analysts who work with QRadar
Detection Engineers
SIEM Engineers
QRadar Administrators

Section 1 : Introduction & Installation 8 Lectures 00:33:22
Lecture 1 :
A quick word from me to you Preview
Lecture 2 :
Introduction & About the instructor
Lecture 3 :
Introduction to SIEM
Lecture 4 :
Introduction to QRadar
Lecture 5 :
Installing QRadar
Lecture 6 :
Ingesting events from a Windows machine
Lecture 7 :
Ingesting events from PfSense Firewall
Lecture 8 :
Please read this BEFORE installing QRadar!
Section 2 : QRadar overview 3 Lectures 00:21:56
Lecture 1 :
User Interface
Lecture 2 :
Log Activity basic searching
Lecture 3 :
QRadar Services
Section 3 : Rules 10 Lectures 01:22:14
Lecture 1 :
Requirements for upcoming application installations
Lecture 2 :
Use Case Manager, Rules and Building Blocks
Lecture 3 :
Using AQL inside rules
Lecture 4 :
Troubleshooting rules
Lecture 5 :
Optimizing rules
Lecture 6 :
Identifying expensive rules
Lecture 7 :
Practical Example #2 - Firewall rules
Lecture 8 :
Practical Example #3 - Translating Threat Reports to Rules
Lecture 9 :
Practical Example #1 - SIGMA Rules Pt. 1
Lecture 10 :
Practical Example #1 - SIGMA Rules Pt. 2
Section 4 : Working with Reference Data 4 Lectures 00:24:35
Lecture 1 :
Different Types of Reference Data
Lecture 2 :
Using Reference Data with the default user interface
Lecture 3 :
Integrating Reference Data and Rules
Lecture 4 :
Advice on dealing with massive amounts of Reference Data
Section 5 : QRadar Administration - System Configuration 6 Lectures 00:25:48
Lecture 1 :
Managed hosts
Lecture 2 :
Network heirarchy
Lecture 3 :
Automatic updates
Lecture 4 :
Event retention
Lecture 5 :
Backup and recovery
Lecture 6 :
Custom offense Email templates
Section 6 : QRadar Administration - Performance Optimization 3 Lectures 00:18:24
Lecture 1 :
Index management
Lecture 2 :
Configuring resource restrictions
Lecture 3 :
Routing Rules
Section 7 : QRadar Administration - Data Source Configuration 8 Lectures 00:39:53
Lecture 1 :
XPath queries
Lecture 2 :
Log source management
Lecture 3 :
Event coalescing
Lecture 4 :
Log source groups
Lecture 5 :
Exporting event data
Lecture 6 :
Custom log source types (DSM) / Event Mappings
Lecture 7 :
Custom AQL Properties
Lecture 8 :
Custom event properties
Section 8 : QRadar Administration - Accuracy Tuning 3 Lectures 00:12:16
Lecture 1 :
Configuring MaxMind GeoIP
Lecture 2 :
Verifying GeoIP Changes
Lecture 3 :
Configuring X-Force Integration
Section 9 : QRadar Administration - User Management 4 Lectures 00:13:18
Lecture 1 :
Managing users
Lecture 2 :
User roles
Lecture 3 :
Security profiles
Lecture 4 :
Managing user authentication & authorization
Section 10 : QRadar Administration - Reporting, Searching & Offense Management 4 Lectures 00:26:15
Lecture 1 :
Managing reports
Lecture 2 :
Utilizing different search types
Lecture 3 :
Managing offenses
Lecture 4 :
Sharing content among users
Section 11 : QRadar Administration - Tenants and Domains 4 Lectures 00:18:00
Lecture 1 :
Differentiating between network hierarchy and domain definition
Lecture 2 :
Managing domains and tenants
Lecture 3 :
Monitoring license usage
Lecture 4 :
Assigning users to tenants
Section 12 : QRadar Administration - Troubleshooting 4 Lectures 00:16:08
Lecture 1 :
Responding to and dealing with system notifications
Lecture 2 :
Troubleshooting common issues
Lecture 3 :
Troubleshooting applications
Lecture 4 :
Troubleshoot service performance
Section 13 : Working with the QRadar Console 9 Lectures 00:21:43
Lecture 1 :
Connecting to the Console
Lecture 2 :
QRadar filesystem
Lecture 3 :
Running AQL inside the Console
Lecture 4 :
Troubleshooting services
Lecture 5 :
Troubleshooting events rate and connectivity
Lecture 6 :
Performing a manual deploy
Lecture 7 :
Reverting SSL certificate to locally signed
Lecture 8 :
Deleting a rule directly from the Console
Lecture 9 :
Useful Console commands list
Section 14 : Working with the API 2 Lectures 00:12:47
Lecture 1 :
QRadar API basics
Lecture 2 :
Example - Python script with QRadar API
Section 15 : Practical Use Cases for New/Existing Deployments 13 Lectures 00:24:16
Lecture 1 :
Alerting on non-reporting log sources
Lecture 2 :
Alerting on non-reporting domains
Lecture 3 :
Alerting on disabled custom properties
Lecture 4 :
Alerting on disk usage exceeded warning/maximum threshold
Lecture 5 :
Alerting on events dropped
Lecture 6 :
DSM "Failed to load data" error
Lecture 7 :
Creating useful dashboards with Pulse
Lecture 8 :
Working with Threat Intelligence
Lecture 9 :
Working with QRadar Deployment Intelligence
Lecture 10 :
Mandatory steps after upgrading Console CPU
Lecture 11 :
Logs are being truncated / split
Lecture 12 :
Section notes
Lecture 13 :
Notes about updating applications
Section 16 : Course End - Congratulations! 1 Lectures 00:01:43
Lecture 1 :
End Notes

How do i access the course after purchase?
It's simple. When you sign up, you'll immediately have unlimited viewing of thousands of expert courses, paths to guide your learning, tools to measure your skills and hands-on resources like exercise files. There’s no limit on what you can learn and you can cancel at any time.
Are these video based online self-learning courses?
Yes. All of the courses comes with online video based lectures created by certified instructors. Instructors have crafted these courses with a blend of high quality interactive videos, lectures, quizzes & real world projects to give you an indepth knowledge about the topic.
Can i play & pause the course as per my convenience?
Yes absolutely & thats one of the advantage of self-paced courses. You can anytime pause or resume the course & come back & forth from one lecture to another lecture, play the videos mulitple times & so on.
How do i contact the instructor for any doubts or questions?
Most of these courses have general questions & answers already covered within the course lectures. However, if you need any further help from the instructor, you can use the inbuilt Chat with Instructor option to send a message to an instructor & they will reply you within 24 hours. You can ask as many questions as you want.
Do i need a pc to access the course or can i do it on mobile & tablet as well?
Brilliant question? Isn't it? You can access the courses on any device like PC, Mobile, Tablet & even on a smart tv. For mobile & a tablet you can download the Learnfly android or an iOS app. If mobile app is not available in your country, you can access the course directly by visting our website, its fully mobile friendly.
Do i get any certificate for the courses?
Yes. Once you complete any course on our platform along with provided assessments by the instructor, you will be eligble to get certificate of course completion.
For how long can i access my course on the platform?
You require an active subscription to access courses on our platform. If your subscription is active, you can access any course on our platform with no restrictions.
Is there any free trial?
Currently, we do not offer any free trial.
Can i cancel anytime?
Yes, you can cancel your subscription at any time. Your subscription will auto-renew until you cancel, but why would you want to?

Daniel Koifman,

945 Course Views

1 Courses

Verified IBM QRadar Subject Matter Expert with experience working at a fortune-500 bank as a Senior Threat Detection Engineer. I am skilled in various areas of cybersecurity, defensive and offensive security, threat hunting/detection engineering, SIEM/SOC (QRadar, Splunk, Sentinel), SIGMA/YARA Rules and Python. Won 3rd place @ Splunk Boss of the SOC V8 EMEA Israel event. Comptia CASP+ certified.