IBM Security QRadar SIEM Administration (BQ150G)
IBM Security QRadar SIEM enables you to minimize the time gap between when suspicious activity occurs and when you detect it. There are a variety of administrative tools you can use to manage a QRadar SIEM deployment. This course covers system configuration, data source configuration, and remote networks and services configuration.
Total Hours: 24 hours
Number of Lessons: 3
Start Date: Oct 03, 2017
Day of the week: Tue
NTD 2,400

Course Introduction


Who Should Attend

  • This course is designed for QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments.

Course Certifications

This course is part of the following Certifications:

Prerequisites

Course Objectives

Learning objectives

  • Install and manage automatic updates to QRadar SIEM assets

  • Configure QRadar backup and restore policies

  • Leverage QRadar administration tools to aggregate, review, and interpret metrics

  • Use network hierarchy objects to manage QRadar SIEM objects and groups

  • Manage QRadar hosts and licenses and deploy assets

  • Monitor the health of assets in a QRadar deployment

  • Configure system settings and asset profiles

  • Configure reasons that QRadar administrators use to close offenses

  • Create and manage reference sets

  • Configure user accounts including user profiles and authorizations

  • Manage QRadar log sources

  • Store event and flow data

  • Manage QRadar flow sources

  • Manage groups that monitor Internet networks and services

Course Content

  • Unit 1: Auto Update

  • Unit 2: Backup and Recovery

  • Unit 3: Index and Aggregated Data Management

  • Unit 4: Network Hierarchy

  • Unit 5: System Management

  • Unit 6: License Management

  • Unit 7: Deployment Actions

  • Unit 8: High Availability Management

  • Unit 9: System Health and Master Console

  • Unit 10: System Settings and Asset Profiler Configuration

  • Unit 11: Custom Offense Close Reasons

  • Unit 12: Reference Set Management

  • Unit 13: Authorized Services

  • Unit 14: Users, User Roles, and Security Profiles

  • Unit 15: Log Sources

  • Unit 16: Log Source Extensions

  • Unit 17: Log Source Parsing Ordering

  • Unit 18: Event and Flow Retention

  • Unit 19: Flow Sources

  • Unit 20: Flow Sources Aliases

  • Unit 21: Remote Networks and Services