Overview

This course is designed and built on IBM Security® QRadar® 7.4.3. and QRadar 7.5.0. The lab is built on QRadar 7.5.0 update 8.

What you learn:

• Create custom log sources
• Work with reference data collections and custom rules
• Use X-Force data and Threat Intelligence app
• Use the Use Case Manager app
• Use User Behavior Analytics (UBA) and QRadar Advisor
• Discover and perform tuning
• Explore custom action scripts
• Integrate QRadar with IBM SOAR

Skills you gain:

• Threat investigation
• QRadar data searching
• QRadar X-Force integration
• QRadar incident response

Audience

This course is designed for security administrators and security analysts.

Prerequisites

Students should be knowledgeable about the following topics:

• IT infrastructure
• IT security fundamentals
• Linux
• Windows
• TCP/IP networking
• Syslog
• Foundational skills for the IBM QRadar Security Intelligence Platform (at least the skills that are taught in the IBM QRadar SIEM Foundations - BQ104 course)

Objective

• Learn how to create custom log sources
• Discover how to work with reference data collections and custom rules
• Use X-Force data and Threat Intelligence app
• Use the Use Case Manager app
• Learn how to use UBA and QRadar Advisor
• Discover Tuning
• Explore Custom action scripts
• Discuss Integration with IBM SOAR

Course Outline

Unit 1: Custom log sources

Unit 2: Reference data collections and custom rules

Unit 3: IBM X-Force Threat Intelligence in QRadar

Unit 4: User Behavior Analytics and Advisor with Watson

Unit 5: Tuning

Unit 6: Custom action scripts

Unit 7: IBM SOAR integration