0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Building a Next-Gen SOC with IBM QRadar

You're reading from Building a Next-Gen SOC with IBM QRadar Accelerate your security operations and detect cyber threats effectively

Product type Paperback

Published in Jun 2023

Publisher Packt

ISBN-13 9781801076029

Length 198 pages

Edition 1st Edition

Tools

IBM QRadar

Concepts

Cybersecurity

Author (1):

Ashish Kothekar

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Understanding Different QRadar Components and Architecture

2. Chapter 1: QRadar Components FREE CHAPTER

3. Chapter 2: How QRadar Components Fit Together

4. Chapter 3: Managing QRadar Deployments

5. Part 2: QRadar Features and Deployment

6. Chapter 4: Integrating Logs and Flows in QRadar

7. Chapter 5: Leaving No Data Behind

8. Chapter 6: QRadar Searches

9. Chapter 7: QRadar Rules and Offenses

10. Part 3: Understanding QRadar Apps, Extensions, and Their Deployment

11. Chapter 8: The Insider Threat – Detection and Mitigation

12. Chapter 9: Integrating AI into Threat Management

13. Chapter 10: Re-Designing User Experience

14. Chapter 11: WinCollect – the Agent for Windows

15. Chapter 12: Troubleshooting QRadar

16. Index

Why subscribe?

17. Other Books You May Enjoy

Summary

In this chapter, we have discussed the crux of QRadar management, which is running searches and maintaining QRadar in such a way that the searches are efficient. We have also discussed various ways in which we can tune the searches. The majority of the issues faced by customers are linked to searches. If you went through this chapter thoroughly, you should now understand the fundamentals of searches, such as the services involved, filters used, indexing, and so on. This should immensely help SOC admins to design searches and SOC analysts to run them.

The concept of SIEM revolves around gathering relevant security information, analyzing the data, and generating alerts for the SOC team. The security alerts in QRadar are called offenses because the alerts are generated when the rules laid down by the QRadar admin are offended. We will discuss the various aspects of rules and offenses in the next chapter.

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Ashish Kothekar

Ashish Kothekar

Ashish has a total experience of more than 15 years working for IBM on various different platforms. He is currently working as tech evangelist for IBM Security products. He has been instrumental in developing more than 10 IBM certification exams including IBM products like QRadar, Cloud Pak for Security, IBM SiteProtector, IBM XGS, etc. He has worked with multiple customers on deploying and then upgrading IBM security products. He has contributed regularly by writing blogs and giving talks on security products. He has published many redpapers on the integration of security products with IBM Storage solutions like IBM Spectrum scale. These redpapers are now full-fledged solutions that are being sold. He has also cleared two Mandarin language exams and is HSK2 qualified.

See other products by Ashish Kothekar

Ashish M Kothekar

Ashish M Kothekar

Ashish has a total experience of more than 15 years working for IBM on various different platforms. He is currently working as tech evangelist for IBM Security products. He has been instrumental in developing more than 10 IBM certification exams including IBM products like QRadar, Cloud Pak for Security, IBM SiteProtector, IBM XGS, etc. He has worked with multiple customers on deploying and then upgrading IBM security products. He has contributed regularly by writing blogs and giving talks on security products. He has published many redpapers on the integration of security products with IBM Storage solutions like IBM Spectrum scale. These redpapers are now full-fledged solutions that are being sold. He has also cleared two Mandarin language exams and is HSK2 qualified.

See other products by Ashish M Kothekar

Personalised recommendations for you

Based on your interests and search pattern

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

The Aspiring CIO and CISO

The Aspiring CIO and CISO

This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.

Jun 2024 8h 32m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m

Malware Development for Ethical Hackers

Malware Development for Ethical Hackers

This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.

Jun 2024 13h 0m