Course summary
IBM Security QRadar SIEM enables you to minimize the time gap between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks and services configuration.
Assessment methods:
- Pre-training knowledge-check quiz (if applicable)
- Formative assessments during the training, through the hands-on exercises carried out in the labs at the end of each module, multiple-choice quizzes, scenario-based exercises…
- Completion by each participant of a questionnaire and/or a placement questionnaire before and at the end of the training, to validate the acquisition of skills
Who this training is for
This course is designed for QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments.
Prerequisites
Before taking this course, make sure that you have the following skills:
- Basic knowledge of the purpose and use of a security intelligence platform
- Familiarity with the Linux command line interface and PuTTY
- Familiarity with custom rules
- Familiarity with the Ariel database and its purpose in QRadar SIEM
- Students should attend BQ102G, IBM Security QRadar Foundations or be able to navigate and use the QRadar SIEM Console
Content
- Unit 1: Auto Update
- Unit 2: Backup and Recovery
- Unit 3: Index and Aggregated Data Management
- Unit 4: Network Hierarchy
- Unit 5: System Management
- Unit 6: License Management
- Unit 7: Deployment Actions
- Unit 8: High Availability management
- Unit 9: System Health and Master Console
- Unit 10: System Settings and Asset Profiler Configuration
- Unit 11: Custom Offense Close Reasons
- Unit 12: Store and Forward
- Unit 13: Reference Set Management
- Unit 14: Centralized Credentials
- Unit 15: Forwarding Destinations
- Unit 16: Routing Rules
- Unit 17: Domain Management
- Unit 18: Users, User Roles, and Security Profiles
- Unit 19: Authentication
- Unit 20: Authorized Services
- Unit 21: Backup and Recovery
- Unit 22: Custom Asset Properties
- Unit 23: Log Sources
- Unit 24: Log Source Groups
- Unit 25: Log Source Extensions
- Unit 26: Log Source Parsing Ordering
- Unit 27: Custom Properties
- Unit 28: Event and Flow Retention
- Unit 29: Flow Sources
- Unit 30: Flow Sources Aliases
- Unit 31: VA Scanners
- Unit 32: Remote Networks and Services
Teaching methods: