COURSE OBJECTIVE:
In this course, you learn to perform the following tasks:
• Navigate the QRadar EDR Dashboard
• Describe the QRadar EDR architecture
• Install the on-premises QRadar EDR Hive and configure the initial setup
• Deploy the QRadar EDR Agent on your endpoints
• Investigate threats on endpoints
• Manage endpoints
• Understand and respond to alerts and trends
• Act upon behavioral malware and ransomware attacks
• Configure notifications and Simple Mail Transfer Protocol
• Set up forwarding alerts
• Define policies
• Handle downloaded and quarantined files from your endpoints
• Set up users, groups, and clients
• Configure Hive-Cloud Score
• Create applications
• Monitor audit logs
TARGET AUDIENCE:
• Security operations center (SOC) Administrator
• SOC Analyst
• Security Analyst
• Incident Responder
• Managed Service Security Provider (MSSP)
COURSE PREREQUISITES:
Not available. Please contact.
COURSE CONTENT:
Getting started
• Dashboard overview
• Architecture
• QRadar EDR on-prem installation
• Downloading, installing, and updating the QRadar EDR Agent
Protecting your endpoints
• Investigating threats on endpoints
• Managing endpoints
• Understanding and responding to alerts and trends
• Acting upon behavioral malware and ransomware attacks
• Hunting for threats on your endpoint using a QRadar EDR lab
Administering your environment
• Configuring notifications and Simple Mail Transfer Protocol (SMTP)
• Setting up forwarding alerts
• Defining policies
• Handling downloaded and quarantined files from your endpoints
• Setting up users, groups, and clients
• Configuring Hive-Cloud Score
• Creating applications
• Monitoring audit logs
FOLLOW ON COURSES:
Not available. Please contact.