Modern IBM QRadar 7.5 SIEM Administration

سرفصل های دوره

Understand modern best practices that will make you a better SIEM administrator

1. Introduction And Installation

1. A quick word from me to you

2. Introduction And About the instructor

3. Quick note about external resources - Important!.html

4. Introduction to SIEM

5.1 QRadar Architecture - Deep Dive.pdf

5.2 QRadar Architecture - General.pdf

5. Introduction to QRadar

6.1 ISO Download Link.html

6. Installing QRadar

7.1 Wincollect Download Link.html

7.2 Wincollect IBM documentation.html

7. Ingesting events from a Windows machine

8.1 Sending PfSense Logs to QRadar.html

8. Ingesting events from PfSense firewall

2. QRadar overview

1. User Interface

2. Log Activity basic searching

3.1 QRadar Core Services.html

3. QRadar Services

3. Rules

1. Requirements for upcoming application installations

2.1 Everything you need to know about QRadar Rules.html

2.2 Investigating QRadar rules and building blocks.html

2.3 QRadar building blocks.html

2.4 Use Case Manager.html

2. Use Case Manager, Rules and Building Blocks

3. Using AQL inside rules

4.1 Troubleshooting rules.html

4. Troubleshooting rules

5.1 Optimizing Rules.html

5. Optimizing rules

6.1 Troubleshooting Custom Rule performance.html

6. Identifying expensive rules

7.1 SIGMA Rules Github.html

7. Practical Example #1 - SIGMA rules

8. Practical Example #2 - Firewall rules

4. Working with Reference Data

1.1 Creating reference data collections by using the command line.html

1.2 Reference data query examples.html

1.3 Types of reference data collections.html

1. Different types of Reference Data

2. Using Reference Data with the default user interface

3. Integrating Reference Data and Rules

4. Advice on dealing with massive amounts of Reference Data

5. QRadar Administration - System Configuration

1.1 Managed hosts.html

1. Managed hosts

2.1 Defining your network hierarchy.html

2. Network hierarchy

3.1 Automatic updates.html

3.2 Configuring automatic update settings.html

3.3 Important auto update server changes for administrators.html

3. Automatic updates

4.1 About event retention buckets.html

4. Event retention

5.1 Backup QRadar configurations and data.html

5. Backup and recovery

6.1 Configuring event and flow custom email notifications.html

6. Custom offense Email templates

6. QRadar Administration - Performance Optimization

1.1 Configuring the retention period for payload indexes.html

1.2 Enabling indexes.html

1.3 Enabling payload indexing to optimize search times.html

1. Index management

2.1 Resource restrictions in distributed environments.html

2.2 Restrictions to prevent resource-intensive searches.html

2. Configuring resource restrictions

3.1 Configuring routing rules to forward data.html

3.2 Routing options for rules.html

3. Routing Rules

7. QRadar Administration - Data Source Configuration

1.1 How to use Microsoft Event Viewer to create an XPath Query.html

1.2 XPath Query Troubleshooting.html

1. XPath queries

2.1 Adding a log source to receive events.html

2.2 Protocol configuration options.html

2.3 Testing log sources.html

2. Log source management

3.1 How does coalescing work in QRadar.html

3. Event coalescing

4.1 Log source groups.html

4. Log source groups

5.1 Exporting events.html

5. Exporting event data

6.1 DSM Editor overview.html

6. Custom log source types (DSM) Event Mappings

7.1 QRadar AQL Custom Properties.html

7. Custom AQL Properties

8.1 Creating a custom property.html

8.2 Custom event and flow properties.html

8.3 Defining custom properties by using custom property expressions.html

8.4 Modifying or deleting a custom property.html

8. Custom event properties

8. QRadar Administration - Accuracy Tuning

1.1 Configuring a MaxMind account for geographic data updates.html

1. Configuring MaxMind GeoIP

2.1 Configuring a MaxMind account for geographic data updates.html

2. Verifying GeoIP Changes

3.1 Enabling the X-Force Threat Intelligence feed.html

3.2 IBM X-Force Exchange plug-in for QRadar.html

3.3 IBM X-Force integration.html

3. Configuring X-Force Integration

9. QRadar Administration - User Management

1.1 User accounts.html

1. Managing users

2.1 User roles.html

2. User roles

3.1 Security profiles.html

3. Security profiles

4.1 User authentication.html

4. Managing user authentication And authorization

10. QRadar Administration - Reporting, Searching And Offense Management

1.1 Report management.html

1. Managing reports

2.1 AQL Query structure.html

2.2 AQL search string examples.html

2.3 Ariel Query Language.html

2.4 Converting a saved search to an AQL string.html

2.5 Querying with dynamic search.html

2.6 Sample AQL queries.html

2. Utilizing different search types

3.1 How QRadar Offense Renaming works.html

3.2 Offense management.html

3. Managing offenses

4.1 Sharing Dashboard Items.html

4.2 Sharing report groups.html

4. Sharing content among users

11. QRadar Administration - Tenants and Domains

1.1 Guidelines for defining your network hierarchy.html

1.2 Network hierarchy updates in a multitenant deployment.html

1. Differentiating between network hierarchy and domain definition

2.1 Domain segmentation.html

2.2 Domains and log sources in multitenant environments.html

2.3 QRadar Multi-tenancy, Domains and Log Source Groups.html

2. Managing domains and tenants

3.1 Monitoring license usage in multitenant deployments.html

3. Monitoring license usage

4.1 Security profiles.html

4.2 User roles.html

4. Assigning users to tenants

12. QRadar Administration - Troubleshooting

1.1 QRadar system notifications.html

1. Responding to and dealing with system notifications

2. Troubleshooting common issues.html

3.1 How to use Recon to troubleshoot QRadar applications.html

3. Troubleshooting applications

4.1 Using ThreadTop to determine QRadar process load.html

4. Troubleshoot service performance

13. Working with the QRadar Console

1. Connecting to the Console

2. QRadar filesystem.html

3. Running AQL inside the Console

4.1 Core services and the impact of restarting services.html

4. Troubleshooting services

5. Troubleshooting events rate and connectivity

6.1 Full Deployment Failed.html

6. Performing a manual deploy

7.1 Reverting to certificates that are generated by the QRadar local CA.html

7. Reverting SSL certificate to locally signed

8. Deleting a rule directly from the console

9. Useful Console commands list.html

14. Working with the API

1.1 Python utility functions for QRadar.html

1.2 QRadar API endpoint documentation and supported versions.html

1. QRadar API basics

2.1 QRadar API Example.html

2. Example - Python script with QRadar API

15. Practical Use Cases for NewExisting Deployments

1. Alerting on non-reporting log sources

2. Alerting on non-reporting domains

3. Alerting on disabled custom properties

4. Alerting on disk usage exceeded warningmaximum threshold

5. Alerting on events dropped

6. DSM Failed to load data error

7.1 monitor eps and log sources (1).zip

7. Creating useful dashboards with Pulse

8.1 App Link.html

8. Working with Threat Intelligence

9.1 App Link.html

9. Working with QRadar Deployment Intelligence

10. Mandatory steps after upgrading Console CPU

11.1 Truncated Logs.html

11. Logs are being truncated split

12. Section Notes.html

13. Notes about updating applications.html

16. Course End - Congratulations!

1. End Notes

139,000 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy-Training