IBM Qradar (C2150-624)
Backtrack Networks provides IBM QRadar SIEM training in Delhi NCR. This course covers SIEM tool installation, administration, network flows, log source integration, CRE, ADE, offense management and more. We also provide online IBM QRadar training.
Module 1:
Introduction to IBM Security QRADAR SIEM
QRADAR SIEM Purpose and Framework
QRADAR SIEM Capabilities
QRADAR Deployment and Architecture
Collecting and Processing Logs – Dissecting Event Pipeline
Collecting and Processing Flows
QRADAR AIO Installation – Community edition on Virtual machine with CentOS
Module 2:
Using Administration tools
Deployment editor concepts in a distributed environment
Applying auto updates
License Management
Configuring common administrative tasks
Module 3:
Asset Profile
Host Profiler functioning
QRADAR learning assets automatically
Manually adding assets
Asset Reconciliation scenarios
Removing / updating the asset database
Module 4:
Creating Network Hierarchy
Introduction to network hierarchy
Building a network hierarchy to avoid false positives
Understanding traffic context
QRADAR Network Hierarchy App Integration
Tuning Network Hierarchy
Module 5:
Updated Administrator Tools
Creating Reference sets
Index Management for efficient search
Managing users and authentication
Managing Data Backup and Retention
Module 6:
Integrating Network Flows
Configuring the QRADAR network interface to collect live traffic flows
Different ways of integrating flows into QRADAR
Generating Type A, B and C flows [DDoS, port scanning] and analysing QRADAR in action
Replaying flows using TCPReplay and bash scripts
Introduction to QNI [QRADAR Network Insights] and benefits with flows
Module 7:
Integrating Log Sources
Understanding different Log Source Protocols
Universal DSM Concepts
Traffic Analysis/Auto Detection in action
Integrating known log sources in QRADAR [O365, Syslog, Windows etc.]
Creating Log Sources
Dissecting Known DSMs and configuration
Installing DSM from IBM Fix Central using YUM
Module 8:
Collecting Windows log records and integrating Sysmon
Collecting Windows logs using WinCollect
Understanding Windows log collection agents – WinCollect, Snare
Sysmon in action with live scenarios of potential attacks on Windows using Kali
Module 9:
Managing Custom Log Sources
Creating custom log sources and using the DSM editor to create a new source type
All about custom DSMs and parsing of the logs
Log replaying using custom-built tools [Syslog Gen] and Log Run
Custom log sources using a universal DSM
Mapping unknown log records
DSM editor in action for custom parsing
QRADAR Identities [QIDs]
Mapping Log Source IDs to QIDs
Event categorization and mapping
Module 10:
Advanced Filtering and Searching
Using AQL in detail for advanced search
Tips for efficient searching
Module 11:
CRE [Rules and Building Blocks in Action]
Building Blocks and their usage in Rules
Using CRE to evaluate complex custom rules
Module 12:
ADE [Anomaly Detection Engine] Rules
Creating Anomaly and Threshold Rules
Module 13:
Offenses management
Generating offenses from custom and built-in rules
Analysing offenses
Module 14:
Extension Management
Integrating different applications from X-Force Exchange into QRADAR
Integrating X-FORCE feeds using TAXII and building rules on them
Integrating third-party feeds for awareness and reducing false positives
Integrating known custom content packs for advanced rule creation using threat intelligence
Module 15:
Integrating QRADAR Watson and User Behaviour Analytics [UBA]
Investigating offenses with Watson Advisor
UBA in action
Module 16:
Security Use cases and Scenarios
Sample malware analysis using flow analysis
Capturing reconnaissance attacks on DMZ servers configured in the Network Hierarchy
Capturing a possible virus outbreak
SQL injection detection and taking custom action to stop data theft
Data exfiltration prevention [Using Kali Metasploit and reverse handlers]
Using Phish.me and Ransomware content packs from X-FORCE Exchange to catch malicious traffic
Creating scenarios to catch malicious payloads in captured flows
Module 17:
Managing False Positives and Reference maps in rules
Identifying false positives based on different scenarios
Tuning rules
Using reference sets and maps in rules
Module 18:
Reporting
Navigating the Reports tab
Creating report templates
Using QRADAR APIs for advanced reporting
Module 19:
API integration
Exploring the QRADAR API
Creating Python scripts to pull data from QRADAR
Creating macros in Excel to interact with the QRADAR API
Introduction to creating apps in QRADAR using the app developer tools and SDK
Module 20:
Troubleshooting
Checking for log sources in error
Network dumps at the collector to check for traffic
Additional troubleshooting approaches based on scenarios