QRadar SOAR: Case Management and Email Integration
(BQ410XG-SPVC)
Overview
Get hands-on experience with the IBM QRadar® SOAR interface, focusing on the case management customization and the Breach Response module. Integrate the SOAR platform with an email system for user and case management.
This course is designed and built on a QRadar SOAR stand-alone virtual machine (V50.1.54) with a complementary SOAR App Host (v1.14.1).
However, the concepts that the course covers apply to all on-premises or SaaS versions of QRadar SOAR.
Intended Audience
This course is tailored for students involved in the security incident response, offering them a comprehensive understanding of the IBM SOAR platform and its concepts. It provides hands-on access to the QRadar SOAR platform, guides you through the management and customization of incident cases, and demonstrates the integration with the email system.
Audience
- Security Operations Center (SOC) Analyst
- Security Analyst
- Incident Responder
- Managed Service Security Provider (MSSP)
Prerequisites
nullObjective
Develop hands-on experience with the SOAR console:
- Manage cases
- Respond to breaches with the Breach Response module
- Integrate the email system with SOAR platform (inbound and outbound)
Course Outline
Prerequisites
Unit 1: SOAR console lab
Unit 2: Case management customization lab
Unit 3: SOAR Breach Response hands-on lab
Unit 4: SOAR and email integration lab