Visão Geral

Curso IBM Security QRadar SIEM. BM QRadar é uma ferramenta SIEM (gerenciamento de informações e eventos de segurança) para empresas. Ele coleta dados de log de dispositivos de rede, sistemas operacionais, vulnerabilidades, ativos de host, aplicativos e comportamentos e atividades de usuários de uma organização. Em seguida, o IBM QRadar realiza a análise em tempo real dos fluxos de rede e registra dados para detectar comportamentos maliciosos para que possam ser rapidamente interrompidos, limitando ou evitando danos à empresa.

Pre-Requisitos

• Compreensão básica de redes.
• Habilidades básicas em estruturas de segurança de TI e conhecimento de TC/IP.
• Habilidades fundamentais de Expressões Regulares.

Materiais

Conteúdo Programatico

IBM QRadar SIEM - Introduction

1. Overview of IBM Qradar 
2. HA (High Availability) & Core Abilities of QRadar SIEM

QRadar SIEM - Architecture

Data Processing System

1. Event Processor
2. Flow Processor

Data Collection System

1. Event Collector
2. Flow Collector

Understanding Magistrate Component

Aerial Database concept

Data Storage

High-Level Architecture

Console Structure

Log & Network Activity

1. Real-time events & Log flow
2. False Positives Identification and Tuning 
3. Search/Explore Events, Filter Criteria

Collection Of Logs

1. Creating Log Source and Its Management
2. WinCollect
3. Syslog

QRadar SIEM Console

1. What is a Dashboard?
2. Dashboard Types
3. Customization of Dashboards

Rules, Reports, Offenses

1. Managing Offenses
2. Creating Rules & Blocks
3. Managing Reports

Risk Administration

1. Estimating Risk
2. QRadar SIEM Management

Evaluation of Assets & Vulnerability

1. Analysis & Estimation of Vulnerability
2. Realization of Assets
3. Import & Export of Assets

Backup

1. Different Backup Types

Applying Solutions

1. Scope of QRadar SIEM solution 
2. Recommendations on Default Log Activity Reports 
3. Network Hierarchy (grading) Development
4. Steps to Deploy
5. Setting Up Authentication

Custom Log Sources

1. Getting the trial logs
2. Identifiers for QRadar
3. Connecting custom QIDs to the Log Source ID
4. Start mapping the uncommon log records.
5. Using DSM Editor to build a custom Parser

Rules Creation & Tuning Up

1. Rules of IBM QRadar SIEM
2. Implementing Building Blocks
3. Creating Rules
4. Offense Research & analysis
5. Applying Time Series & Anomaly rules
6. Managing Misleading (False Positive)
7. Tuning Techniques

Reports of IBM Qradar SIEM

1. IBM Qradar Reports Creation
2. Reporting Overview
3. Filtering Layout

AQL Overview

1. AQL- Fundamentals
2. Using AQL to build new/advanced queries.
3. Analytics of User Behavior 
4. IBM Security QRadar SIEM with Watson Advisor
5. IBM X-Force Threat Intelligence & QRadar SIEM integration