In this course you learn how to integrate QRadar EDR and SIEM by creating an API application in QRadar EDR and by adding a new log source in QRadar SIEM to add endpoint detection and alerts to QRadar SIEM. Integrating QRadar EDR and SIEM amplifies the power of QRadar XDR (extended detection and response) by leveraging AI and automation opportunities. Having advanced and automated response capabilities enables analysts to focus on the fight in front of them.
This course applies to version 3.12 of the on-premises IBM Security QRadar EDR offering.
Virtual Learning
This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.
Unit 1: Integrating with QRadar SIEM
Unit 2: QRadar EDR - integrating with QRadar SIEM - Lab
In this course you learn to do these activities:
This course is tailored to IT security analysts in a Security Operations Center (SOC) environment who are tasked with endpoint protection and threat hunting, as well as QRadar EDR administrators, incident responders, and managed service security providers (MSSP).
