وب سایت تخصصی شرکت فرین
دسته بندی دوره ها

Modern IBM QRadar 7.5 SIEM Administration

سرفصل های دوره

Understand modern best practices that will make you a better SIEM administrator


1. Introduction And Installation
  • 1. A quick word from me to you
  • 2. Introduction And About the instructor
  • 3. Quick note about external resources - Important!.html
  • 4. Introduction to SIEM
  • 5.1 QRadar Architecture - Deep Dive.pdf
  • 5.2 QRadar Architecture - General.pdf
  • 5. Introduction to QRadar
  • 6.1 ISO Download Link.html
  • 6. Installing QRadar
  • 7.1 Wincollect Download Link.html
  • 7.2 Wincollect IBM documentation.html
  • 7. Ingesting events from a Windows machine
  • 8.1 Sending PfSense Logs to QRadar.html
  • 8. Ingesting events from PfSense firewall

  • 2. QRadar overview
  • 1. User Interface
  • 2. Log Activity basic searching
  • 3.1 QRadar Core Services.html
  • 3. QRadar Services

  • 3. Rules
  • 1. Requirements for upcoming application installations
  • 2.1 Everything you need to know about QRadar Rules.html
  • 2.2 Investigating QRadar rules and building blocks.html
  • 2.3 QRadar building blocks.html
  • 2.4 Use Case Manager.html
  • 2. Use Case Manager, Rules and Building Blocks
  • 3. Using AQL inside rules
  • 4.1 Troubleshooting rules.html
  • 4. Troubleshooting rules
  • 5.1 Optimizing Rules.html
  • 5. Optimizing rules
  • 6.1 Troubleshooting Custom Rule performance.html
  • 6. Identifying expensive rules
  • 7.1 SIGMA Rules Github.html
  • 7. Practical Example #1 - SIGMA rules
  • 8. Practical Example #2 - Firewall rules

  • 4. Working with Reference Data
  • 1.1 Creating reference data collections by using the command line.html
  • 1.2 Reference data query examples.html
  • 1.3 Types of reference data collections.html
  • 1. Different types of Reference Data
  • 2. Using Reference Data with the default user interface
  • 3. Integrating Reference Data and Rules
  • 4. Advice on dealing with massive amounts of Reference Data

  • 5. QRadar Administration - System Configuration
  • 1.1 Managed hosts.html
  • 1. Managed hosts
  • 2.1 Defining your network hierarchy.html
  • 2. Network hierarchy
  • 3.1 Automatic updates.html
  • 3.2 Configuring automatic update settings.html
  • 3.3 Important auto update server changes for administrators.html
  • 3. Automatic updates
  • 4.1 About event retention buckets.html
  • 4. Event retention
  • 5.1 Backup QRadar configurations and data.html
  • 5. Backup and recovery
  • 6.1 Configuring event and flow custom email notifications.html
  • 6. Custom offense Email templates

  • 6. QRadar Administration - Performance Optimization
  • 1.1 Configuring the retention period for payload indexes.html
  • 1.2 Enabling indexes.html
  • 1.3 Enabling payload indexing to optimize search times.html
  • 1. Index management
  • 2.1 Resource restrictions in distributed environments.html
  • 2.2 Restrictions to prevent resource-intensive searches.html
  • 2. Configuring resource restrictions
  • 3.1 Configuring routing rules to forward data.html
  • 3.2 Routing options for rules.html
  • 3. Routing Rules

  • 7. QRadar Administration - Data Source Configuration
  • 1.1 How to use Microsoft Event Viewer to create an XPath Query.html
  • 1.2 XPath Query Troubleshooting.html
  • 1. XPath queries
  • 2.1 Adding a log source to receive events.html
  • 2.2 Protocol configuration options.html
  • 2.3 Testing log sources.html
  • 2. Log source management
  • 3.1 How does coalescing work in QRadar.html
  • 3. Event coalescing
  • 4.1 Log source groups.html
  • 4. Log source groups
  • 5.1 Exporting events.html
  • 5. Exporting event data
  • 6.1 DSM Editor overview.html
  • 6. Custom log source types (DSM) Event Mappings
  • 7.1 QRadar AQL Custom Properties.html
  • 7. Custom AQL Properties
  • 8.1 Creating a custom property.html
  • 8.2 Custom event and flow properties.html
  • 8.3 Defining custom properties by using custom property expressions.html
  • 8.4 Modifying or deleting a custom property.html
  • 8. Custom event properties

  • 8. QRadar Administration - Accuracy Tuning
  • 1.1 Configuring a MaxMind account for geographic data updates.html
  • 1. Configuring MaxMind GeoIP
  • 2.1 Configuring a MaxMind account for geographic data updates.html
  • 2. Verifying GeoIP Changes
  • 3.1 Enabling the X-Force Threat Intelligence feed.html
  • 3.2 IBM X-Force Exchange plug-in for QRadar.html
  • 3.3 IBM X-Force integration.html
  • 3. Configuring X-Force Integration

  • 9. QRadar Administration - User Management
  • 1.1 User accounts.html
  • 1. Managing users
  • 2.1 User roles.html
  • 2. User roles
  • 3.1 Security profiles.html
  • 3. Security profiles
  • 4.1 User authentication.html
  • 4. Managing user authentication And authorization

  • 10. QRadar Administration - Reporting, Searching And Offense Management
  • 1.1 Report management.html
  • 1. Managing reports
  • 2.1 AQL Query structure.html
  • 2.2 AQL search string examples.html
  • 2.3 Ariel Query Language.html
  • 2.4 Converting a saved search to an AQL string.html
  • 2.5 Querying with dynamic search.html
  • 2.6 Sample AQL queries.html
  • 2. Utilizing different search types
  • 3.1 How QRadar Offense Renaming works.html
  • 3.2 Offense management.html
  • 3. Managing offenses
  • 4.1 Sharing Dashboard Items.html
  • 4.2 Sharing report groups.html
  • 4. Sharing content among users

  • 11. QRadar Administration - Tenants and Domains
  • 1.1 Guidelines for defining your network hierarchy.html
  • 1.2 Network hierarchy updates in a multitenant deployment.html
  • 1. Differentiating between network hierarchy and domain definition
  • 2.1 Domain segmentation.html
  • 2.2 Domains and log sources in multitenant environments.html
  • 2.3 QRadar Multi-tenancy, Domains and Log Source Groups.html
  • 2. Managing domains and tenants
  • 3.1 Monitoring license usage in multitenant deployments.html
  • 3. Monitoring license usage
  • 4.1 Security profiles.html
  • 4.2 User roles.html
  • 4. Assigning users to tenants

  • 12. QRadar Administration - Troubleshooting
  • 1.1 QRadar system notifications.html
  • 1. Responding to and dealing with system notifications
  • 2. Troubleshooting common issues.html
  • 3.1 How to use Recon to troubleshoot QRadar applications.html
  • 3. Troubleshooting applications
  • 4.1 Using ThreadTop to determine QRadar process load.html
  • 4. Troubleshoot service performance

  • 13. Working with the QRadar Console
  • 1. Connecting to the Console
  • 2. QRadar filesystem.html
  • 3. Running AQL inside the Console
  • 4.1 Core services and the impact of restarting services.html
  • 4. Troubleshooting services
  • 5. Troubleshooting events rate and connectivity
  • 6.1 Full Deployment Failed.html
  • 6. Performing a manual deploy
  • 7.1 Reverting to certificates that are generated by the QRadar local CA.html
  • 7. Reverting SSL certificate to locally signed
  • 8. Deleting a rule directly from the console
  • 9. Useful Console commands list.html

  • 14. Working with the API
  • 1.1 Python utility functions for QRadar.html
  • 1.2 QRadar API endpoint documentation and supported versions.html
  • 1. QRadar API basics
  • 2.1 QRadar API Example.html
  • 2. Example - Python script with QRadar API

  • 15. Practical Use Cases for NewExisting Deployments
  • 1. Alerting on non-reporting log sources
  • 2. Alerting on non-reporting domains
  • 3. Alerting on disabled custom properties
  • 4. Alerting on disk usage exceeded warningmaximum threshold
  • 5. Alerting on events dropped
  • 6. DSM Failed to load data error
  • 7.1 monitor eps and log sources (1).zip
  • 7. Creating useful dashboards with Pulse
  • 8.1 App Link.html
  • 8. Working with Threat Intelligence
  • 9.1 App Link.html
  • 9. Working with QRadar Deployment Intelligence
  • 10. Mandatory steps after upgrading Console CPU
  • 11.1 Truncated Logs.html
  • 11. Logs are being truncated split
  • 12. Section Notes.html
  • 13. Notes about updating applications.html

  • 16. Course End - Congratulations!
  • 1. End Notes
  • 139,000 تومان
    بیش از یک محصول به صورت دانلودی میخواهید؟ محصول را به سبد خرید اضافه کنید.
    خرید دانلودی فوری

    در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

    ایمیل شما:
    تولید کننده:
    مدرس:
    شناسه: 14161
    حجم: 3575 مگابایت
    مدت زمان: 476 دقیقه
    تاریخ انتشار: ۲۹ خرداد ۱۴۰۲
    دیگر آموزش های این مدرس
    طراحی سایت و خدمات سئو

    139,000 تومان
    افزودن به سبد خرید