IBM XDR (ReaQta) Training
(TD-IBMXDR)
This Tech Data exclusive training focuses on basic knowledge and management of XDR (ReaQta). The training combines presentations from the trainer with exercises in a lab environment for hands-on practice.
Prerequisites:
- IT infrastructure
- IT security fundamentals
- Windows
- TCP/IP networking
Agenda:
- What is EDR/XDR, usage, basic working principles of AI/ML, functionality
- Architecture of On-Prem/Cloud, HW requirements
- Introduction to GUI
- Multi-tenancy, endpoint management, agent deployment
- Admin options, role management, notifications
- Events, alerts and behavioral tree
- Manual and automatic events/alerts processing
- Different malware with detailed behavioral trees
- IOC insights
- Real-time incident response
- Process suspension/termination
- Network isolation/de-isolation
- Endpoint remediation
- Malicious code/registry entry removal
- Encrypted original file recovery
- Logs searching and threat hunting
- Logs search filters and parameters
- Suspicious PowerShell scripts
- Unusual app/user behavior
- MITRE framework and forensic analysis
- MITRE for IOC analysis
- Generate complete endpoint forensic packages
- Basic rules and policies + triage
- Create, modify, enable/disable rules/policies
- Validate by triage
- Reports and dashboards
- Advanced Lua + YARA tools
- Custom Lua rule/policy scripts
- Utilize OSS YARA repositories
- Advanced HunQ CLI investigation
- CLI searching exercises
- IBM SIEM + SOAR integration, API