IBM Security QRadar SIEM Administration [BQ150G]

Forudsætninger

• Basic knowledge of the purpose and use of a security intelligence platform
• Familiarity with the Linux command line interface and PuTTY
• Familiarity with custom rules
• Familiarity with the Ariel database and its purpose in QRadar SIEM
• Students should attend BQ102G, IBM Security QRadar Foundations or be able to navigate and use the QRadar SIEM Console

Deltagerprofil

This course is designed for QRadar SIEM administrators and professional services personnel managing QRadar SIEM deployments.

Indhold

• Install and manage automatic updates to QRadar SIEM assets
• Configure QRadar backup and restore policies
• Leverage QRadar administration tools to aggregate, review, and interpret metrics
• Use network hierarchy objects to manage QRadar SIEM objects and groups
• Manage QRadar hosts and licenses and deploy assets
• Monitor the health of assets in a QRadar deployment
• Configure system settings and asset profiles
• Configure reasons that QRadar administrators use to close offenses
• Create and manage reference sets
• Create the credentials used to perform authenticated scans
• Manage, route, and store event and flow data
• Use domains in QRadar SIEM to act as a filter for events, flows, scanners, assets, rules, offenses, and retention policies
• Configure user accounts including user profiles, authentication, and authorizations
• Manage custom properties for assets, events, and flows
• Manage QRadar log sources
• Manage QRadar flow sources
• Integrate Vulnerability Assessment Scanner results in QRadar SIEM
• Manage groups that monitor Internet networks and services

Undervisere

Undervisningen varetages af en erfaren underviser fra Teknologisk Instituts netværk bestående af branchens dygtigste undervisere