Art of the Possible with QRadar - Part 1: Getting the Most Out of QRadar

When:  Aug 7, 2020 from 11:00 AM to 12:00 PM (ET)

Calling all security analysts: Ever wonder if you’re getting the most from your SIEM? Well, wonder no more as our very own in-house SIEM expert Jose Bravo shows you what’s possible in this new three-part webinar series called “The Art of the Possible.”

 

No PowerPoint slides. NONE. Everything that is shared will be live demos and occasional whiteboard explanations, when required. There will be plenty of time for you to ask questions directly to make sure you’re getting the most out of this session.

 

Part 1 (60 minutes) will focus on the following:

 

  • How on-prem logs are auto discovered, and how cloud logs are easily tested.
  • Out-of-the-box log parsers for almost everything out there, when there is not the DSM Editor.
  • The most valuable thing in QRadar: its rules as seen from the Use Case Manager App.
  • What QRadar does with all those logs: Offenses let us see some of them.
  • Advisor: your time saver. Offense example.
  • Logs combined with flows and payload inspection leave no room for attack Offense examples.
  • Why it makes sense to feed QRadar with vulnerability data.
  • Monitoring internal users: UBA plain vanilla.
  • Getting to know your internal users: UBA with Machine Learning.
  • How to manually search for additional data: Filters, GUI, Quick Filter and AQL.
  • Q&A session using my live system