About This Course

In this course, QRadar SIEM administrators learn how to integrate and configure QRadar Incident Forensics in an existing QRadar SIEM deployment. End users such as Security Analysts learn how to use the QRadar Incident Forensics tools to effectively perform network forensics.

Course Audience Profile

This intermediate course is for:

• QRadar SIEM administrators
• QRadar SIEM Security Analysts

Course Pre-Requisites

You should have:

• Working experience with QRadar SIEM.
• Knowledge of how to navigate through the QRadar SIEM pages and using the mouse click options is mandatory.

At Course Completion

• Learn how to integrate and configure QRadar Incident Forensics
• Learn how to use the QRadar Incident Forensics tools

Course Outline

• Explanation of network forensics and the functions and aspects of IBM Security QRadar Incident Forensics 7.2.4
• Integration of IBM Security QRadar Incident Forensics 7.2.4 in IBM Security QRadar SIEM 7.2.4
• Administration of IBM Security QRadar Incident Forensics 7.2.4; creating cases, managing users, and configuring the Incident Forensics server.
• Using the concepts and terminology of IBM Security QRadar Incident Forensics 7.2.4
• Using IBM Security QRadar Incident Forensics 7.2.4 to analyze a network forensic case using the IBM Security QRadar Incident Forensics 7.2.4 Forensic search page and tools.