QRadar SOAR training session and labs

IBM QRadar SOAR


Please join our Proof of Technology event for IBM Customers, Business Partners and IBMers who need to become more familiar with QRadar SOAR (Resilient). During this workshop you can learn best practices and trends in Security Incident Response using QRadar, network with your industry peers, and participate in different hands-on lab exercises.

This workshop runs over 5 half-days and will be delivered in English.

Agenda

Half-day 1 & 2: UI - Rules - Customization - email Collection

  • Introduction to the IR problem
  • Marketing and product placement
  • Architecture overview and installation options
  • Resilient Platform Overview (Demo)
  • Lab 1: Prepare the environment
  • Lab 2: Incident Creation & Editing
  • Lab 3: Working with the Privacy Module and Breach
  • Lab 4: Reports & Dashboards
  • Lab 5: Field & Tab Customization
  • Lab 6: Incident Types, Phases, and Tasks
  • Lab 7: Scripts
  • Lab 8: Rules
  • Lab 9: Additional script and rule 
  • Lab 10: Inbound Email

Half-day 3 & 4: Playbooks - Integration Server - App Host

  • Review last labs & Feedback
  • Lab 11: Playbooks (New Playbook Design)
  • Lab 12: Install the Integration Server 
  • Lab 13: Install app from App Exchange
  • Lab 14: Creating your own function
  • Lab 15: Installing QRadar SOAR Circuits as a Service
  • Lab 16: Install the apphost package
  • Lab 17: Install your first app
  • Lab 18: Install fn_utilities app
  • Lab 19: Create a new custom Playbook that uses our Shell Command Function
  • Lab 20: Install nmap in AppHost and remote control to VM
  • Lab 21: Install the Components File for App Host

Half-day 5: Link your QRadar to SOAR (QRadar Labs are provided to BPs and IBMers only)

  • Review last labs & Feedback
  • Lab 22: Reserve a QRadar for demo on TechZone, or use your own QRadar Lab (NOT PROD)
  • Lab 23: Configure your QRadar to send Alerts to SOAR
  • Lab 24: Configure your SOAR to Query QRadar with 2 apps 
  • Lab 25: Create offenses and see them in SOAR

Speaker:

Federico Spiti

Senior Security Technical Leader, IBM Technology, EMEA

Starts:  Jan 15, 2024 08:30 AM (CET)
Ends:  Jan 19, 2024 12:00 PM (CET)

Where

Online Instructions:

Contact

Federico Spiti

federico_spiti@it.ibm.com