Course: QRadar EDR: Integrating with QRadar SIEM - SPVC [BQ530XG]
OVERVIEW
Gain knowledge on how to integrate IBM Security® QRadar® EDR and SIEM by creating an API application in QRadar EDR and by adding a new log source in QRadar SIEM to add endpoint detection and alerts to QRadar SIEM. Having advanced and automated response capabilities enables analysts to focus on the fight in front of them.
This course applies to version 3.12 of the on-premises QRadar EDR offering.
OBJECTIVES
- Configure an API application in QRadar EDR
- Install a new log source in QRadar SIEM
- Install the correct protocol for a log source in QRadar SIEM
- Analyze endpoint alerts from the SIEM dashboard using data from EDR
CONTENT
Unit 1: Integrating with QRadar SIEM
- Configure an API application in QRadar EDR
- Install a new log source in QRadar SIEM
- Configure the correct protocol for a log source in QRadar SIEM
- Analyze endpoint alerts from the SIEM dashboard using data from EDR
Unit 2: QRadar EDR - integrating with QRadar SIEM - Lab
- Exercise 1 - Configuring QRadar EDR and QRadar SIEM integration
- Exercise 2 - BitTorrent is run on an endpoint
- Exercise 3 - Malware detected (tryme.exe)
Price: €420 excl. VAT
Offered by: Global Knowledge Network Netherlands B.V.
Subject: SIEM
Level:
Duration: 0 days
Language: nl
Product type: course
Delivery format: E-Learning
Provider accreditations
- Cedeo
- CRKBO and VAT exemption
- VOI
- EXIN
- ISO register
- Microsoft Learning Partner
- VMWare Partner
- Oracle Education Partner
- AgilePM - Agile Project Management (APMG)
- ASL