Practice Lab: Apply your knowledge of threat hunting

For SIEM, you can use IBM’s Security Information and Event Management product: IBM QRadar SIEM and Guardium.

Creating an IBM account

It is mandatory that you have an IBM account (IBMid) to access the training videos and labs mentioned below.

If you do not already have an IBMid, click here to create one for free.

Virtual lab course(s)

Lab: Investigate cybersecurity threats using QRadar Analyst Workflow

In this hands-on lab, you learn about the new QRadar Analyst Workflow application UI and how it helps security analysts to investigate offenses and search for threats. Some highlights of the new investigation workflows include:

  • Critical information to help inform decision making is one click away.

  • Objects such as IP addresses, Log Sources, Events, Insights, Magnitude, and more can be selected to expose a side panel that will provide additional context and details.

  • Filters are available when tables of information are exposed to help users narrow down results.

  • AQL smart query builder enables an analyst to search for common objects such as IP, Hash, URL, and more without having to build a query.

  • Performance improvements in loading screens and navigating between workflows.

Click here for an overview of the lab.

Click here to download the lab instructions.

Click here to access the virtual lab setup.
