Register here: https://www.ibm.com/training/events/msu2022
Now in its 5th year, Master Skills University is the premier event for sharpening your skills and deepening your knowledge of IBM Security solutions, through demos, lectures, and labs built and delivered by our top global cyber experts. You’ll also have opportunities to ask questions, connect with fellow power users from around the world, and engage one-to-one with the teams who develop, deploy, and support your IBM Security products every day.
This is a draft agenda. Subject to change.
Monday, September 12
Roadmap and Threat/Defense Strategies — In this session you will learn about recent innovations within QRadar, the future strategy and direction of SIEM, and the convergence of SIEM, SOAR and Threat Hunting capabilities - all with a unified user experience. We will also be covering. We will also be joined by our X-Force Head of Research to give us an overview of the current threat landscape and share hacking strategies and defense tactics.
Tuesday, September 13
QRadar Architecture & Capability Concepts — If you haven’t had any proper introductory courses, look no further. Our Security Enablement Team will provide a QRadar Foundations Course that covers the data ingest pipeline and processing, with introductory lab exercises on all of its key components. Learn how events and flows are processed, analyzed, and parsed. Learn how to build rules that correlate nefarious behaviors against events and flows together. Learn how to put together compelling dashboards for your manager.
Wednesday, September 14
Network Threat Detection Lab — In this session, we will dive deep into various exercises that show how deep packet inspection allows us to establish comprehensive visibility of various nefarious behaviors that could be happening in our environments. Detecting subtle threat activity on our networks requires going beyond traditional means of detection. In this session you’ll learn about ways to enhance your network visibility using flows and QRadar Network Insights (QNI), and how this visibility powers the innovative machine learning analytics in the new QRadar Network Threat Analytics (NTA) app.
Compelling Use Cases and Lab Setup with Jose Bravo — YouTube star Jose Bravo will bring his perfectly tuned QRadar environment and walk us through it. It consists of all of the best OOTB material plus custom content he’s curated over the years to address the most compelling use cases in today’s cybersecurity threat landscape. Bring your questions and your hacker outfits to walk through real malware simulations.
Threat Hunting using QRadar SIEM (Capture the Flag Lab) — In this gamification lab, we will split the room into various teams to simulate a LIVE SOC and show various analyst personas completing specific tasks within QRadar to hunt for an adversary that’s penetrated our systems! We will go through the entire identification and containment of the incident and show the power of the integration with EDR + NDR + SOAR to stop the attack in its tracks before getting fined millions of dollars.
Thursday, September 15
User Behavior Analytics Jump-start Lab — In this session, you will gather the 101 of what it takes to set up a UBA environment to start correlating user and entity context. Our UBA architect will walk through tips and tricks on achieving a fully tuned environment to yield the best offenses and alerts, and we will run through some UBA exercises covering Compliance, Role Privileges and Machine Learning scenarios that bring meaningful and proactive alerts to your analyst.
Cloud Solution Integrations and Best Practices — In this session you will learn best practices for configuring and optimizing integrations between QRadar and Azure and AWS data sources. We will also cover integration mechanics and commonly asked questions.
Data Ingestion Optimization — In this session you will be given an update and deep dive on (1) the latest developments in our protocols, including Gateway protocols, the Universal Cloud REST API Protocol and Protocol testing; (2) the DSM editor, where we’ll highlight some of the autodetection capabilities and JSON Parsers; (3) lastly we’ll touch on AQL