Code
BQ150GRO
Duration
2 days
Tags
Online Offline

DescriptionWhat we offer

IBM Security QRadar SIEM enables you to minimize the time gap between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks and services configuration.

ObjectivesWhat you learn

Learning objectives

  • Install and manage automatic updates to QRadar SIEM assets
  • Configure QRadar backup and restore policies
  • Leverage QRadar administration tools to aggregate, review, and interpret metrics
  • Use network hierarchy objects to manage QRadar SIEM objects and groups
  • Manage QRadar hosts and licenses and deploy assets
  • Monitor the health of assets in a QRadar deployment
  • Configure system settings and ass profiles
  • Configure reasons that QRadar administrators use to close offenses
  • Create and manage reference sets
  • Configure user accounts including user profiles and authorizations
  • Manage QRadar log sources
  • Store event and flow data
  • Manage QRadar flow sources
  • Manage groups that monitor Internet networks and services

TopicsThe best for you

Unit 1: Auto Update
Unit 2: Backup and Recovery
Unit 3: Index and Aggregated Data Management
Unit 4: Network Hierarchy
Unit 5: System Management
Unit 6: License Management
Unit 7: Deployment Actions
Unit 8: High Availability management
Unit 9: System Health and Master Console
Unit 10: System Settings and Asset Profiler Configuration
Unit 11: Custom Offense Close Reasons
Unit 12: Reference Set Management
Unit 13: Authorized Services
Unit 14: Users, User Roles, and Security Profiles
Unit 15: Log Sources
Unit 16: Log Source Extensions
Unit 17: Log Source parsing Ordering
Unit 18: Event and Flow Retention
Unit 19: Flow Sources
Unit 20: Flow Sources Aliases
Unit 21: Remote Networks and Services

PrerequisitesWhat should you know

Before taking this course, make sure that you have the following skills:

  • Basic knowledge of the purpose and use of a security intelligence platform
  • Familiarity with the Linux command line interface and PuTTY
  • Familiarity with Custom Rules engine (CRE) rules
  • Familiarity with the Ariel database and its purpose in QRadar SIEM
  • Students should attend BQ102G, IBM Security QRadar Foundations or be able to navigate and use the QRadar SIEM Console
  • Students should attend BQ132G, IBM Security QRadar SIEM Advanced Topics (optional)

AudienceWho should attend

This course is designed for QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments.