Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
IBM QRadar SIEM - A Step-by-Step BootCamp
Bestseller
Highest Rated
Rating: 4.7 out of 5(1,148 ratings)
10,045 students

IBM QRadar SIEM - A Step-by-Step BootCamp

Tackle cyber threats in real time by using powerful, scalable, and efficient SIEM security software. That’s IBM QRadar.
Created byHatem Metwally
Last updated 2/2026
English

What you'll learn

  • Security Information and Event Management
  • SIEM
  • IBM QRadar SIEM
  • Hands-ON
  • Use Cases

Course content

16 sections50 lectures29h 6m total length
  • Introduction12:23

    Explore the IBM QRadar SIEM bootcamp, covering IBM curator architecture, deployment options, log analysis, searches, rules, threat hunting, tuning, apps, dashboards, and custom integrations.

Requirements

  • Basic Unix/Linux Skills
  • Basic Network Security Concepts

Description

Do you want to enter the SIEM field? Do you want to learn one of the leaders SIEM technologies? 


Do you want to understand the concepts and gain the hands-on on IBM QRadar SIEM?


Then this course is designed for you. Through baby steps you will learn IBM QRadar SIEM


Important topics that you will learn about in this course include but not limited to the following:


The course is covering below topics:

- QRadar architecture

- QRadar components

- All-In-One installation

- Console GUI demystified, QRadar Services and Replay Events & Flows

- Offense, Event, Flow investigation

- Describe the use of the magnitude of an offense

- Offense management (retention, chaining, protection)

- Identify events not correctly parsed and their source

- Customized searches

- Log Integration and DSM Development

- Rules and Building Block Design

- AQL queries

- Custom properties

- WinCollect

- X-Force App Exchange, Content Packs and Pulse Installation and Troubleshooting

- QRadar Assistant App

- Install QRadar Content Packs using the QRadar Assistant App

- Reference Data Types and Management

- Analyze Building Blocks Host definition, category definition, Port definition

- Tuning building blocks and Tuning Methodology

- Use Case Manager app, MITRE threat groups and actors

- Dashboarding and Reporting

- Clean SIM Model

- Attack Simulation and Sysmon Process Profiling

- Rule Routing options, Rule Routing combination options and License Giveback

- Backup and restore

- Ingesting QRadar offenses into FortiSOAR

- Custom Integration with FortiGate Firewall to Block User's PC from Accessing the Internet

- Postman - An API Call Development Methodology


--- Below new section and lessons added on 25 October 2024 ---

New Section Name: QRadar Upgrade Planning and Procedures

New Lessons in section:

- Upgrade Planning

- Backups

- Mitigate Centos-base Apps

- QRadar Upgrade Procedures

- Wincollect Agents Dependencies and Managed Agents Auto-Update


-- Added New Section for Integration with IBM QRadar SOAR on 17th Feb 2026

Who this course is for:

  • Network Security Specialists & Administrators
  • SOC Operators & Analysts
  • Information Security Sepcialists