QRadar UBA: Detecting Insider Threats (v7.5) (BQ610XG-SPVC)

Overview

Learn how to detect insider threats triggered by anomalous or malicious user behavior. Get ready to install, configure, and tune IBM Security® QRadar UBA and the Machine Learning app. Improve your skill to investigate user behavior with UBA and expand your threat detection capabilities across your network with the QRadar® Advisor with Watson™ app.

Audience

Security Analyst

Prerequisites

null

Objective

  • Analyze UBA concepts, such as the senseValue variable, risk scores, and the IBM Sense DSM.
  • Identify how QRadar rules are connected to UBA and how user information is imported into the app.
  • Install and configure the app, as well as the User Import tool and the the Machine Learning app.
  • Tune UBA settings to improve the application’s behavior and performance.
  • Analyze how UBA can help you detect and investigate insider threats.
  • Analyze how to use the UBA Dashboard.
  • Investigate how to detect malicious user behavior.
Show details

Course Outline

Unit 1: Architecture and Overview

Unit 2: Setup 

  • Installation
  • Configuration
  • User Import
  • Machine Learning configuration

Unit 3: Tuning

Unit 4: An overview to detecting and investigating insider threats

Unit 5: Student exercise