QRadar EDR: Integrating with QRadar SIEM BQ530G
- CMDBID 1001838
- Course Code BQ530G
- Duration 0 Days
IBM Security Course
Overview
In this course you learn how to integrate QRadar EDR and SIEM by creating an API application in QRadar EDR and by adding a new log source in QRadar SIEM to add endpoint detection and alerts to QRadar SIEM. Integrating QRadar EDR and SIEM amplifies the power of QRadar XDR (extended detection and response) by leveraging AI and automation opportunities. Having advanced and automated response capabilities enables analysts to focus on the fight in front of them.
This course applies to version 3.12 of the on-premises IBM Security QRadar EDR offering.
Audience
This course is tailored to IT security analysts in a Security Operations Center (SOC) environment who are tasked with endpoint protection and threat hunting, as well as QRadar EDR administrators, incident responders, and managed service security providers (MSSP).
Skills Gained
In this course you learn to do these activities:
- Configure an API application in QRadar EDR
- Install a new log source in QRadar SIEM
- Configure the correct protocol for a log source in QRadar SIEM
- Analyze endpoint alerts from the SIEM dashboard using data from EDR
Outline
Unit 1: Integrating with QRadar SIEM
- Configure an API application in QRadar EDR
- Install a new log source in QRadar SIEM
- Configure the correct protocol for a log source in QRadar SIEM
- Analyze endpoint alerts from the SIEM dashboard using data from EDR
Unit 2: QRadar EDR - integrating with QRadar SIEM - Lab
- Exercise 1 - Configuring QRadar EDR and QRadar SIEM integration
- Exercise 2 - BitTorrent is run on an endpoint
- Exercise 3 - Malware detected (tryme.exe)
Thinking about Onsite?
If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost-effective option. One-on-one training can be delivered too, at reasonable rates.
Submit an enquiry from any page on this site and let us know you are interested in the requirements box, or simply mention it when we contact you.
All $ prices are in USD unless it’s a NZ or AU date
SPVC = Self Paced Virtual Class
LVC = Live Virtual Class
Please Note: All courses are available as Live Virtual Classes
Trusted by over 1/2 million students in 15 countries
Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.