
Explore the IBM QRadar SIEM bootcamp, covering IBM QRadar architecture, deployment options, log analysis, searches, rules, threat hunting, tuning, apps, dashboards, and custom integrations.
Explore the IBM QRadar architecture, detailing data collection with event and flow collectors, data processing with event and flow processors, and powerful data search, plus deployment options and backups.
Install the all-in-one console of IBM QRadar from the Community Edition ISO, configuring a Red Hat Linux VM, network and time settings, and admin passwords.
Demystify the console GUI, explore QRadar services and how to replay events and flows, log in, and manage dashboards, offenses, logs, assets, reports, and admin tasks.
Install the IBM QRadar Community Edition from the free OVA, configure a static IP and DNS, run setup, and apply the perpetual licensing patch.
Learn how IBM QRadar groups multiple events into offenses, then investigate them using event and flow data, examining magnitude, severity, credibility, evidence, and chaining for prioritized responses.
Master customized searches in IBM QRadar to perform threat hunting across log and network activity using quick filters, payload inspection, and advanced search techniques.
Learn how to use IBM QRadar SIEM queries, from basic quick filters to advanced AQL (Ariel Query Language), including indexing, payload retention, and crafting effective searches for threat hunting.
Learn to create and enable custom event properties with regular expressions to extract attributes from log payloads, such as translated source port, and enable them for rules and indexing.
Explore how rules and building blocks shape IBM QRadar SIEM design, compare rule types and tests, and follow a practical workflow from creating to testing with live logs.
Master designing IBM QRadar rules and building blocks to optimize detection, including local and global correlation, anomaly rules, silent sources, and OR-ready building blocks.
Explore DSM configuration and log integration in IBM QRadar, including DSM RPM files, syslog and log file workflows, and building a custom DSM for FortiGate and next thing deployments.
Demonstrates ingesting offenses from the IBM QRadar connector into FortiSOAR, configuring data ingestion, enriching with threat intel, and automating incident response via playbooks and scheduled workflows.
Create a custom action in QRadar to block an IP on a FortiGate firewall using the REST API, automating incident response for a faster SOC.
Learn to use Postman to craft and test FortiGate API calls for blocking IPs, including creating a collection, building a POST request, and configuring authorization.
Explore Windows logs collection with IBM WinCollect, comparing managed and standalone deployments, local versus remote collection, and planning considerations for sizing, configuration, and prerequisites.
Develop hands-on WinCollect skills with deployment planning, local vs remote collection, and interactive or silent installations, including configuration console use and remote polling.
Install WinCollect 10 on a Windows server, configure local collection, and enable remote polling from Windows PCs via QRadar using stored credentials.
Explore the IBM Security App Exchange to extend QRadar with content packs and Pulse dashboards, connect to X-Force with API keys, and troubleshoot via extension management and the CLI.
Explore QRadar's reference data collections: reference set, reference map, map of sets, map of maps, and reference table. Learn to create, load, and import data via the UI, API, and CLI, and connect threat intelligence feeds.
Explore the advanced threat protection and "Am I Affected" features within the Threat Intelligence app, using public feeds, reference sets, and QRadar logs to scan events and flows.
Perform hygiene checks on QRadar applications to free memory, install the Use Case Manager for tuning, and verify log source management to enable proper onboarding.
Master continuous tuning in IBM QRadar SIEM by tuning reports and refining host definitions and network hierarchy. Use server discovery and VA scanners to maintain asset profiles and reduce noise.
Learn to tune offenses with the Use Case Manager, identify noisy rules, and adjust thresholds and building blocks to reduce false positives and improve coverage.
Configure vulnerability assessment data as a data source in QRadar, ingesting Nessus results to enrich asset profiles, enable vulnerability-based rules, and reduce false positives.
Perform maintenance tuning by cleaning the SIM data model to refresh asset and host definitions, remove offenses, and prepare for upcoming attack simulations and Windows profiling.
Learn to simulate a Windows 10 attack and profile processes with IBM QRadar SIEM using Sysmon process profiling, building a baseline of process names and hashes to spot unknowns.
Do you want to enter the SIEM field? Do you want to learn one of the leading SIEM technologies?
Do you want to understand the concepts and gain hands-on experience with IBM QRadar SIEM?
Then this course is designed for you. Step by step, you will learn IBM QRadar SIEM.
Important topics that you will learn about in this course include, but are not limited to, the following:
- QRadar architecture
- QRadar components
- All-In-One installation
- Console GUI demystified, QRadar Services and Replay Events & Flows
- Offense, Event, Flow investigation
- Describe the use of the magnitude of an offense
- Offense management (retention, chaining, protection)
- Identify events not correctly parsed and their source
- Customized searches
- Log Integration and DSM Development
- Rules and Building Block Design
- AQL queries
- Custom properties
- WinCollect
- X-Force App Exchange, Content Packs and Pulse Installation and Troubleshooting
- QRadar Assistant App
- Install QRadar Content Packs using the QRadar Assistant App
- Reference Data Types and Management
- Analyze Building Blocks Host definition, category definition, Port definition
- Tuning building blocks and Tuning Methodology
- Use Case Manager app, MITRE threat groups and actors
- Dashboarding and Reporting
- Clean SIM Model
- Attack Simulation and Sysmon Process Profiling
- Rule Routing options, Rule Routing combination options and License Giveback
- Backup and restore
- Ingesting QRadar offenses into FortiSOAR
- Custom Integration with FortiGate Firewall to Block User's PC from Accessing the Internet
- Postman - An API Call Development Methodology
--- The section and lessons below were added on 25 October 2024 ---
New Section Name: QRadar Upgrade Planning and Procedures
New Lessons in section:
- Upgrade Planning
- Backups
- Mitigate CentOS-based Apps
- QRadar Upgrade Procedures
- WinCollect Agent Dependencies and Managed Agent Auto-Update
--- New section on integration with IBM QRadar SOAR added on 17 February 2026 ---