Satisnet Ltd, Basepoint Innovation Centre, 110 Butterfield Great Marlings, Luton, Bedfordshire, LU2 8DL
+44 (0) 1582 434320

IBM QRadar Training

Available Courses

IBM QRadar CyberKombat Training Course

How can you be a pilot if you don't try to fly - How can you be a SOC Analyst if you never handle offenses?
At last a real IBM QRadar SIEM training course!

Powered by CyberKombat, a brand new experience designed to replicate serious cyber attacks on an organisation, giving real life SOC teams the opportunity to test their abilities and gain a wealth of new skills in the process.

Training Course Overview

  • 1 day, delivered via the web using the CyberKombat Cloud
  • QRadar training content covering the functionality of QRadar with lab exercises
  • Attack based lab exercises delivered by CyberKombat

Attendee Requirements

No previous SIEM or security knowledge is required.

Morning Session

QRadar Fundamentals

  • Data and Log Sources
  • Rules and Building Blocks
  • Reference Sets
  • Offenses
    • Offenses Tab
    • Investigation Events
    • Filtering Events
    • Grouping Events
    • Investigating Flows
  • Dashboards and Reports
  • Reference Data
  • Deployment and Tuning

Afternoon Session

Portal login to CyberKombat environment, giving access to a Software Defined Network of red ‘attack’ and blue ‘defence’ machines. These offer a security stack that includes QRadar (SIEM), Carbon Black (Endpoint forensics), Palo Alto Networks (Layer 7 firewall and advanced threat detection), and SOCAutomation (Automation and incident response platform).

Attacks launched in the following categories:

  • SQL Injection
  • AD Attack
  • XSS Attack
  • Botnet
  • Port Scan

Documentation and Feedback Learning

During the labs the attendees are constantly monitored and prompted if they require assistance, or Nano-Learning is used to provide succinct refresher learning as required. All attacks and defences are documented for reference and future re-use.

Course Pricing







Request Training

Satisnet QRadar 7.2.8 Training Course

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalisation, correlation, and secure storage of events, flows, assets, topologies, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses.

In this knowledge transfer, you learn how to navigate QRadar SIEM to detect anomalies and unusual behaviour. Using the skills taught in this course, you can identify and investigate threats and attacks, with hands-on exercises to reinforce the skills learned.

You will also learn how to create Universal DSM and create event, flow and anomaly rules. You will analyse the offenses created by rules and if necessary fine-tune them. Using the skills taught in this course, you can identify and investigate threats and attacks.

This basic course is for:

  • Security Analysts
  • Network Administrators
  • System Administrators

Day One

Course Administration

Introduction to QRadar Demo

  • Log and Flow Data
    • Data Sources
    • Log Sources
    • Log Source Extensions
    • Custom Log Sources
    • Custom Event/Flow Properties
  • Exercise 1 - 4
  • Rules and Building Blocks
    • Rules
    • Building Blocks
    • Reference Sets
  • Exercise 5 - 6
  • Search and Filter
  • Exercise 7
  • Dashboard and Reports
    • Dashboards
    • Reports
  • Exercise 8 - 9

Day Two

Admin Tab

  • Admin Tab
    • Deployment Editor
    • Deploy Changes
    • Advanced Menu
    • System Configuration
      • Auto-Update
      • Backup and Recovery
      • Network Hierarchy
      • System and License Management
      • System Settings
      • Reference Set Management
      • Centralised Credentials
      • Forwarding Destinations
      • Routing Rules
      • Extensions Management
    • User Management
      • Users
      • User Roles
      • Security Profiles
      • User Authentication
      • Authorised Services
    • Remote Networks
    • Event and Flow Retention
    • Wincollect
  • Reference Data
  • Right-Click Menu
  • Command Line Interface

Day Three

Deployment and Tuning

  • Offenses Tab
    • Investigating Events
    • Filtering Events
    • Grouping Events
    • Investigating Flows
  • Triage

Hands on CyberKombat experience

What is CyberKombat?

CyberKombat (CK) is a cloud based cybersecurity modelling, development training, testing, and certification environment.

CK mimics real world security architectures and operations centres. It then enables attack models to be played through, helping in understanding the logic behind the who, what, where, when, and why of attacks. Then provides answers and Run-Books on how to remediate. A real SOC training experience!

IBM QRadar CyberKombat Training

Request Quote