QRadar SOAR: Case Management and Email Integration (BQ410XG-SPVC)

Overview

Get hands-on experience with the IBM QRadar® SOAR interface, focusing on the case management customization and the Breach Response module. Integrate the SOAR platform with an email system for user and case management.

This course is designed and built on a QRadar SOAR stand-alone virtual machine (V50.1.54) with a complementary SOAR App Host (v1.14.1).

However, the concepts that the course covers apply to all on-premises or SaaS versions of QRadar SOAR.

 

Intended Audience

This course is tailored for students involved in security incident response, offering them a comprehensive understanding of the IBM SOAR platform and its concepts. It provides hands-on access to the QRadar SOAR platform, guides you through the management and customization of incident cases, and demonstrates the integration with the email system.

Audience

  • Security Operations Center (SOC) Analyst
  • Security Analyst
  • Incident Responder
  • Managed Service Security Provider (MSSP)


Objective

Develop hands-on experience with the SOAR console:

  • Manage cases
  • Respond to breaches with the Breach Response module
  • Integrate the email system with the SOAR platform (inbound and outbound)

Course Outline

Prerequisites

Unit 1: SOAR console lab

Unit 2: Case management customization lab

Unit 3: SOAR Breach Response hands-on lab

Unit 4: SOAR and email integration lab