Satisnet Ltd, Basepoint Innovation Centre, 110 Butterfield Great Marlings, Luton, Bedfordshire, LU2 8DL enquiry@satisnet.co.uk
+44 (0) 1582 434320

IBM QRadar Training

Available Courses


IBM QRadar CyberKombat Training Course

How can you be a pilot if you don't try to fly - How can you be a SOC Analyst if you never handle offenses?
At last a real IBM QRadar SIEM training course!

The course is powered by CyberKombat, a brand-new experience designed to replicate serious cyber attacks on an organisation, giving real-life SOC teams the opportunity to test their abilities and gain a wealth of new skills in the process.

Training Course Overview

  • 1 day, delivered via the web using the CyberKombat Cloud
  • QRadar training content covering the functionality of QRadar with lab exercises
  • Attack based lab exercises delivered by CyberKombat

Attendee Requirements

No previous SIEM or security knowledge is required.

Morning Session

QRadar Fundamentals

  • Data and Log Sources
  • Rules and Building Blocks
  • Reference Sets
  • Offenses
    • Offenses Tab
    • Investigating Events
    • Filtering Events
    • Grouping Events
    • Investigating Flows
  • Dashboards and Reports
  • Reference Data
  • Deployment and Tuning

Afternoon Session

Portal login to the CyberKombat environment gives access to a Software Defined Network of red ‘attack’ and blue ‘defence’ machines. These offer a security stack that includes QRadar (SIEM), Carbon Black (endpoint forensics), Palo Alto Networks (Layer 7 firewall and advanced threat detection), and SOCAutomation (automation and incident response platform).

Attacks launched in the following categories:

  • SQL Injection
  • AD Attack
  • XSS Attack
  • Botnet
  • Port Scan

Documentation and Feedback Learning

During the labs, attendees are constantly monitored and prompted if they require assistance, or given Nano-Learning, which provides succinct refresher learning as required. All attacks and defences are documented for reference and future re-use.

Course Pricing

  • US: $500
  • UK: £400
  • Europe: €460


IBM QRadar Cyber Defence and SOC Simulation Training

The Basic Idea

In this unique training concept, typical IT attacks are simulated in “real” corporate networks.

The goal of the IBM QRadar Cyber Defence and SOC Simulation Training is to create a deep understanding of how attacks on corporate networks work, using IBM QRadar, a Gartner-leading SIEM:

  • Understand the underlying technical principles of common attacks
  • Learn how to “think like an attacker” in regard to corporate network security
  • Understand the limits of common security products, such as antivirus solutions
  • Prioritise hardening measures correctly

Target Audience

The IBM QRadar Cyber Defence and SOC Simulation Training is suitable for the following groups:

  • System and Network Administrators
  • Operations Engineers
  • IT Security Managers and non-technical IT Security Consultants who want to broaden their technical understanding
  • IT Forensic staff and Security Operations Centre (SOC) staff who are just starting out in the field

Prerequisites

SIEM knowledge or hacking experience is not required; however, an affinity for the subject of IT security should exist. The required fundamentals are explained in detail at the beginning of each exercise.

Agenda

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalisation, correlation, and secure storage of events, flows, assets, topologies, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses.

In this knowledge transfer, you learn how to navigate QRadar SIEM to detect anomalies and unusual behaviour. Using the skills taught in this course, you can identify and investigate threats and attacks, with hands-on exercises to reinforce the skills learned.

You will also learn how to create a Universal DSM and how to create event, flow and anomaly rules. You will analyse the offenses created by those rules and, where necessary, fine-tune them.

This basic course is for:

  • Security Analysts
  • Network Administrators
  • System Administrators

Day One - Introduction and basic attacks, bespoke ransomware demo

1. Introduction

  • Overall infrastructure introduction
  • Advanced tool introduction
    • Exploit net API
    • Exploit vsftpd

Lunch break

2. Reconnaissance

  • High noise scans
  • Low noise scans
  • Limitations of security tools (optional, but worthwhile if placed correctly)

3. Ransomware: Crypto Trojans on Share

Day Two - Man in the middle attacks

4. Man in the Middle Attacks

  • ARP spoofing 1 - Request
  • ARP spoofing 1 - Response

Lunch break

4. Man in the Middle Attacks (continued)

  • SSL/TLS - MITM attacks

4. Man in the Middle Attacks (continued)

  • SSL strip V2

Day Three - Windows domain security + botnet use case

5. Windows Domain Security

  • Steal NTLM hashes + cracking
  • Use NTLM hash to move to get creds for next machine

Lunch break

5. Windows Domain Security (continued)

  • Use NTLM hash to move to get creds for DC

6. Botnet - Use Case

Satisnet QRadar 7.2.8 Training Course

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalisation, correlation, and secure storage of events, flows, assets, topologies, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses.

In this knowledge transfer, you learn how to navigate QRadar SIEM to detect anomalies and unusual behaviour. Using the skills taught in this course, you can identify and investigate threats and attacks, with hands-on exercises to reinforce the skills learned.

You will also learn how to create a Universal DSM and how to create event, flow and anomaly rules. You will analyse the offenses created by those rules and, where necessary, fine-tune them.

This basic course is for:

  • Security Analysts
  • Network Administrators
  • System Administrators

Day One

Course Administration

Introduction to QRadar Demo

  • Log and Flow Data
    • Data Sources
    • Log Sources
    • Log Source Extensions
    • Custom Log Sources
    • Custom Event/Flow Properties
  • Exercise 1 - 4
  • Rules and Building Blocks
    • Rules
    • Building Blocks
    • Reference Sets
  • Exercise 5 - 6
  • Search and Filter
  • Exercise 7
  • Dashboard and Reports
    • Dashboards
    • Reports
  • Exercise 8 - 9

Day Two

Admin Tab

  • Admin Tab
    • Deployment Editor
    • Deploy Changes
    • Advanced Menu
    • System Configuration
      • Auto-Update
      • Backup and Recovery
      • Network Hierarchy
      • System and License Management
      • System Settings
      • Reference Set Management
      • Centralised Credentials
      • Forwarding Destinations
      • Routing Rules
      • Extensions Management
    • User Management
      • Users
      • User Roles
      • Security Profiles
      • User Authentication
      • Authorised Services
    • Remote Networks
    • Event and Flow Retention
    • WinCollect
  • Reference Data
  • Right-Click Menu
  • Command Line Interface

Day Three

Deployment and Tuning

  • Offenses Tab
    • Investigating Events
    • Filtering Events
    • Grouping Events
    • Investigating Flows
  • Triage

Hands on CyberKombat experience

What is CyberKombat?

CyberKombat (CK) is a cloud-based cybersecurity modelling, development, training, testing, and certification environment.

CK mimics real-world security architectures and operations centres. It then enables attack models to be played through, helping attendees understand the logic behind the who, what, where, when, and why of attacks, and then provides answers and run-books on how to remediate. A real SOC training experience!
