This plan includes
- Limited free courses access
- Play & Pause Course Videos
- Video Recorded Lectures
- Learn on Mobile/PC/Tablet
- Quizzes and Real Projects
- Lifetime Course Certificate
- Email & Chat Support
What you'll learn
- QRadar Administration
Course Overview
Hello everyone!
My name is Daniel Koifman, a recognized IBM Subject Matter Expert for QRadar and CASP+ certified.
In this course, I will be showing you all of the most important subjects you need to know in order to be a skilled QRadar administrator, in addition to various real-world scenarios and best practices.
The course is divided into the following 15 sections:
- Introduction & Installation
- QRadar overview
- Rules
- Working with Reference Data
- QRadar Administration - System Configuration
- QRadar Administration - Performance Optimization
- QRadar Administration - Data Source Configuration
- QRadar Administration - Accuracy Tuning
- QRadar Administration - User Management
- QRadar Administration - Reporting, Searching & Offense Management
- QRadar Administration - Tenants and Domains
- QRadar Administration - Troubleshooting
- Working with the QRadar Console
- Working with the API
- Practical Use Cases for New/Existing Deployments
Each section was carefully designed based on all of my experience working as a Senior Threat Detection engineer for Fortune 500 companies and for MSSPs. This is the ONLY course with a detailed, in-depth practical use cases section, which will show you common problems that administrators are facing throughout the world. I developed this section based on my endless hours of trial & error and independent research, so I hope all of you can learn very useful things in the course, regardless of skill level!
Prerequisites
- Recommended basic knowledge of Computers, Networking, and Cyber Security.
Target Audience
- SOC Analysts who work with QRadar
- Detection Engineers
- SIEM Engineers
- QRadar Administrators
Curriculum: 86 Lectures, 06:32:38
Section 1 : Introduction & Installation
- Lecture 2 : Introduction & About the instructor
- Lecture 3 : Introduction to SIEM
- Lecture 4 : Introduction to QRadar
- Lecture 5 : Installing QRadar
- Lecture 6 : Ingesting events from a Windows machine
- Lecture 7 : Ingesting events from pfSense Firewall
- Lecture 8 : Please read this BEFORE installing QRadar!
Section 2 : QRadar overview
- Lecture 1 : User Interface
- Lecture 2 : Log Activity basic searching
- Lecture 3 : QRadar Services
Section 3 : Rules
- Lecture 1 : Requirements for upcoming application installations
- Lecture 2 : Use Case Manager, Rules and Building Blocks
- Lecture 3 : Using AQL inside rules
- Lecture 4 : Troubleshooting rules
- Lecture 5 : Optimizing rules
- Lecture 6 : Identifying expensive rules
- Lecture 7 : Practical Example #2 - Firewall rules
- Lecture 8 : Practical Example #3 - Translating Threat Reports to Rules
- Lecture 9 : Practical Example #1 - SIGMA Rules Pt. 1
- Lecture 10 : Practical Example #1 - SIGMA Rules Pt. 2
Section 4 : Working with Reference Data
- Lecture 1 : Different Types of Reference Data
- Lecture 2 : Using Reference Data with the default user interface
- Lecture 3 : Integrating Reference Data and Rules
- Lecture 4 : Advice on dealing with massive amounts of Reference Data
Section 5 : QRadar Administration - System Configuration
- Lecture 1 : Managed hosts
- Lecture 2 : Network hierarchy
- Lecture 3 : Automatic updates
- Lecture 4 : Event retention
- Lecture 5 : Backup and recovery
- Lecture 6 : Custom offense Email templates
Section 6 : QRadar Administration - Performance Optimization
- Lecture 1 : Index management
- Lecture 2 : Configuring resource restrictions
- Lecture 3 : Routing Rules
Section 7 : QRadar Administration - Data Source Configuration
- Lecture 1 : XPath queries
- Lecture 2 : Log source management
- Lecture 3 : Event coalescing
- Lecture 4 : Log source groups
- Lecture 5 : Exporting event data
- Lecture 6 : Custom log source types (DSM) / Event Mappings
- Lecture 7 : Custom AQL Properties
- Lecture 8 : Custom event properties
Section 8 : QRadar Administration - Accuracy Tuning
- Lecture 1 : Configuring MaxMind GeoIP
- Lecture 2 : Verifying GeoIP Changes
- Lecture 3 : Configuring X-Force Integration
Section 9 : QRadar Administration - User Management
- Lecture 1 : Managing users
- Lecture 2 : User roles
- Lecture 3 : Security profiles
- Lecture 4 : Managing user authentication & authorization
Section 10 : QRadar Administration - Reporting, Searching & Offense Management
- Lecture 1 : Managing reports
- Lecture 2 : Utilizing different search types
- Lecture 3 : Managing offenses
- Lecture 4 : Sharing content among users
Section 11 : QRadar Administration - Tenants and Domains
- Lecture 1 : Differentiating between network hierarchy and domain definition
- Lecture 2 : Managing domains and tenants
- Lecture 3 : Monitoring license usage
- Lecture 4 : Assigning users to tenants
Section 12 : QRadar Administration - Troubleshooting
- Lecture 1 : Responding to and dealing with system notifications
- Lecture 2 : Troubleshooting common issues
- Lecture 3 : Troubleshooting applications
- Lecture 4 : Troubleshooting service performance
Section 13 : Working with the QRadar Console
- Lecture 1 : Connecting to the Console
- Lecture 2 : QRadar filesystem
- Lecture 3 : Running AQL inside the Console
- Lecture 4 : Troubleshooting services
- Lecture 5 : Troubleshooting event rate and connectivity
- Lecture 6 : Performing a manual deploy
- Lecture 7 : Reverting SSL certificate to locally signed
- Lecture 8 : Deleting a rule directly from the Console
- Lecture 9 : Useful Console commands list
Section 14 : Working with the API
- Lecture 1 : QRadar API basics
- Lecture 2 : Example - Python script with QRadar API
Section 15 : Practical Use Cases for New/Existing Deployments
- Lecture 1 : Alerting on non-reporting log sources
- Lecture 2 : Alerting on non-reporting domains
- Lecture 3 : Alerting on disabled custom properties
- Lecture 4 : Alerting on disk usage exceeding warning/maximum threshold
- Lecture 5 : Alerting on dropped events
- Lecture 6 : DSM "Failed to load data" error
- Lecture 7 : Creating useful dashboards with Pulse
- Lecture 8 : Working with Threat Intelligence
- Lecture 9 : Working with QRadar Deployment Intelligence
- Lecture 10 : Mandatory steps after upgrading Console CPU
- Lecture 11 : Logs are being truncated / split
- Lecture 12 : Section notes
- Lecture 13 : Notes about updating applications
Section 16 : Course End - Congratulations!
- Lecture 1 : End Notes
Frequently Asked Questions
- How do I access the course after purchase?
It's simple. When you sign up, you'll immediately have unlimited viewing of thousands of expert courses, paths to guide your learning, tools to measure your skills and hands-on resources like exercise files. There's no limit on what you can learn and you can cancel at any time.
- Are these video-based online self-learning courses?
Yes. All of the courses come with online video-based lectures created by certified instructors. Instructors have crafted these courses with a blend of high-quality interactive videos, lectures, quizzes & real-world projects to give you in-depth knowledge about the topic.
- Can I play & pause the course at my convenience?
Yes, absolutely, and that's one of the advantages of self-paced courses. You can pause or resume the course at any time, move back and forth from one lecture to another, play the videos multiple times, and so on.
- How do I contact the instructor for any doubts or questions?
Most of these courses have general questions & answers already covered within the course lectures. However, if you need any further help from the instructor, you can use the built-in Chat with Instructor option to send a message to an instructor, and they will reply to you within 24 hours. You can ask as many questions as you want.
- Do I need a PC to access the course, or can I do it on mobile & tablet as well?
Brilliant question, isn't it? You can access the courses on any device like PC, mobile, tablet & even a smart TV. For mobile & tablet you can download the Learnfly Android or iOS app. If the mobile app is not available in your country, you can access the course directly by visiting our website; it is fully mobile friendly.
- Do I get any certificate for the courses?
Yes. Once you complete any course on our platform along with the assessments provided by the instructor, you will be eligible to get a certificate of course completion.
- For how long can I access my course on the platform?
You require an active subscription to access courses on our platform. If your subscription is active, you can access any course on our platform with no restrictions.
- Is there any free trial?
Currently, we do not offer any free trial.
- Can I cancel anytime?
Yes, you can cancel your subscription at any time. Your subscription will auto-renew until you cancel, but why would you want to?