A CP4S administrator performs advanced tasks related to the daily management and operation of the Cloud Pak for Security environment. In this course, you learn the key competencies of a CP4S Security Administrator.  

This course prepares you for the IBM Certified Administrator–Cloud Pak for Security V1.10 certification exam (Exam C1000-115). This course is a study guide for the test. You need additional knowledge you have obtained by working with CP4S and supporting technologies to pass the exam.

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. 

This self-paced 2-day course walks you through various advanced topics about QRadar such as custom log sources, reference data collections and custom rules, X-Force data and the Threat Intelligence app, UBA and QRadar Advisor, tuning and custom action scripts. The course also discusses integration with IBM SOAR. Hands-on exercises reinforce the skills learned.

The lab environment for this course uses the IBM QRadar SIEM 7.4 platform.

IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

In this 3-day instructor-led course, you learn how to perform the following tasks:

• Describe how QRadar collects data to detect suspicious activities​​​​​​​
• Describe the QRadar architecture and data flows
• Navigate the user interface
• Define log sources, protocols, and event details
• Discover how QRadar collects and analyzes network flow information
• Describe the QRadar Custom Rule Engine
• Utilize the Use Case Manager app
• Discover and manage asset information
• Learn about a variety of QRadar apps, content extensions, and the App Framework
• Analyze offenses by using the QRadar UI and the Analyst Workflow app
• Search, filter, group, and analyze security data
• Use AQL for advanced searches
• Use QRadar to create customized reports
• Explore aggregated data management
• Define sophisticated reporting using Pulse Dashboards
• Discover QRadar administrative tasks

Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:

• Architecture exercises
• UI – Overview exercises
• Log Sources exercises
• Flows and QRadar Network Insights exercises
• Custom Rule Engine (CRE) exercises
• Use Case Manager app exercises
• Assets exercises
• App Framework exercises
• Working with Offenses exercises.
• Search, filtering, and AQL exercises
• Reporting and Dashboards exercises
• QRadar – Admin tasks exercises

The lab environment for this course uses the IBM QRadar SIEM 7.4 platform.

IBM Security QRadar enables deep visibility into network, endpoint, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. In this course, you learn about the solution architecture, how to navigate the user interface, and how to investigate offenses. You search and analyze the information from which QRadar concluded a suspicious activity. Hands-on exercises reinforce the skills learned.

In this 3-day self-paced course, you learn how to perform the following tasks:

• Describe how QRadar collects data to detect suspicious activities​​​​​​​
• Describe the QRadar architecture and data flows
• Navigate the user interface
• Define log sources, protocols, and event details
• Discover how QRadar collects and analyzes network flow information
• Describe the QRadar Custom Rule Engine
• Utilize the Use Case Manager app
• Discover and manage asset information
• Learn about a variety of QRadar apps, content extensions, and the App Framework
• Analyze offenses by using the QRadar UI and the Analyst Workflow app
• Search, filter, group, and analyze security data
• Use AQL for advanced searches
• Use QRadar to create customized reports
• Explore aggregated data management
• Define sophisticated reporting using Pulse Dashboards
• Discover QRadar administrative tasks

Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:

• Architecture exercises
• UI – Overview exercises
• Log Sources exercises
• Flows and QRadar Network Insights exercises
• Custom Rule Engine (CRE) exercises
• Use Case Manager app exercises
• Assets exercises
• App Framework exercises
• Working with Offenses exercises.
• Search, filtering, and AQL exercises
• Reporting and Dashboards exercises
• QRadar – Admin tasks exercises

The lab environment for this course uses the IBM QRadar SIEM 7.4 platform.

A QRadar Deployment specialist plans and installs QRadar SIEM and performs the initial configuration that allows an organization to begin using it. In this course, students will learn the various activities and responsibilities of a QRadar Deployment Professional. The course outline follows the same structure as the IBM Certified Deployment Professional - Security QRadar SIEM V7.4.3 (C1000-140) exam and helps the student prepare for the exam.