Course Name |
Hours |
List Price |
Content |
IBM QRadar SIEM Advanced Topics (BQ203G) |
14.00 |
$1,650.00 |
|
Description: IBM Security QRadar enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. To connect the dots, QRadar SIEM correlates these scattered events and flows into offenses that alert you to suspicious activities. Using the skills taught in this course, you will be able to configure processing of uncommon events, work with reference data, and develop custom rules, custom actions, and custom anomaly detection rules.
The lab environment for this course uses the IBM QRadar SIEM 7.3 platform.
Skills Gained
Create custom log sources to utilize events from uncommon sources
Create, maintain, and use reference data collections
Develop and manage custom rules to detect unusual activity in your network
Develop and manage custom action scripts for automated rule response
Develop and manage anomaly detection rules to detect when unusual network traffic patterns occur
# of Days:
Setting:
|
IBM QRadar SIEM Foundations (BQ103G) |
21.00 |
$2,475.00 |
|
Description:
IBM QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities. QRadar SIEM classifies suspected attacks and policy violations as offenses.
In this 3-day instructor-led course, you learn how to perform the following tasks:
Describe how QRadar SIEM collects data to detect suspicious activities
Describe the QRadar SIEM component architecture and data flows
Navigate the user interface
Investigate suspected attacks and policy breaches
Search, filter, group, and analyze security data
Investigate the vulnerabilities and services of assets
Use network hierarchies
Locate custom rules and inspect actions and responses of rules
Analyze offenses created by QRadar SIEM
Use index management
Navigate and customize the QRadar SIEM dashboard
Use QRadar SIEM to create customized reports
Use charts and filters
Use AQL for advanced searches
Analyze a real world scenario
Extensive lab exercises are provided to allow students an insight into the routine work of an IT Security Analyst operating the IBM QRadar SIEM platform. The exercises cover the following topics:
Using the QRadar SIEM user interface
Investigating an Offense triggered by events
Investigating the events of an offense
Investigating an offense that is triggered by flows
Using rules
Using the Network Hierarchy
Index and Aggregated Data Management
Using the QRadar SIEM dashboard
Creating QRadar SIEM reports
Using AQL for advanced searches
Analyze a real-world large-scale attack
The lab environment for this course uses the IBM QRadar SIEM 7.3 platform.
Skills Gained
After completing this course, you should be able to perform the following tasks:
Describe how QRadar SIEM collects data to detect suspicious activities
Describe the QRadar SIEM component architecture and data flows
Navigate the user interface
Investigate suspected attacks and policy violations
Search, filter, group, and analyze security data
Investigate events and flows
Investigate asset profiles
Describe the purpose of the network hierarchy
Determine how rules test incoming data and create offenses
Use index and aggregated data management
Navigate and customize dashboards and dashboard items
Create customized reports
Use filters
Use AQL for advanced searches
Analyze a real world scenario
# of Days:
Setting:
|
IBM Security Access Manager for Web (TW106G) |
24.00 |
$2,475.00 |
|
Description: This course is for system administrators and business partners. IBM Security Access Manager for Web (formerly IBM Tivoli Access Manager for e-business) is a scalable and centralized user authentication, authorization, and web single sign-on solution.
# of Days:
Setting:
|
IBM Security Identity Manager Foundations |
28.00 |
$3,300.00 |
|
Description: This is an instructor-led course that introduces students to the foundational skills required to install, configure, and administer IBM Security Identity Manager. IBM Security Identity Manager can be deployed in the following formats: software stack and virtual appliance. This course applies to both formats.
The course also includes many hands-on exercises to supplement the lecture. The hands-on labs are conducted using Identity Manager v.7.0.1.10.
# of Days:
Setting:
|
IBM Spectrum Scale Advanced Administration for Linux (H006G) |
21.00 |
$2,695.00 |
|
Description: This course is intended for IT professionals tasked with administering a Spectrum Scale system. It includes information on installing, configuring and monitoring a Spectrum Scale cluster.
This course replaces AN82G from Power brand.
Skills Gained
Migrate a GPFS 3.5 cluster to IBM Spectrum Scale 4.2
Migrate an IBM Spectrum Scale 4.1 cluster to 4.2
Describe and set up GUI interface
Execute performance collection infrastructure
Describe the IBM Spectrum Scale multi-cluster functionality, how to remote mount file systems, and the security configuration in a multi-cluster environment
Describe, install, and configure Clustered Network File System (cNFS)
Define, deploy, debug, and log Cluster Export Service (CES)
Describe multi-protocol support
Describe the Server Message Block (SMB) Protocol family and clients; solve and monitor SMB recovery scenarios; troubleshoot SMB
Manage Ganesha default configuration change/list
Manage exports in CES Network File System (NFS) and debug CES NFS
Describe home and cache features
List the various Active File Management (AFM) modes; create and manage an AFM relationship
Define and introduce asynchronous disaster recovery (DR)
List the recovery point objectives (RPOs) and failover options
Describe the Spectrum Scale Disaster Recovery Architecture
Describe the Linear Tape File System (LTFS) Enterprise Edition (EE) Introduction
Describe the GPFS policy driven storage management
Describe the HSM archival solution with LTFS EE
Define how to create a file placement optimization (FPO) pool
Describe using Spectrum Scale with Hadoop
Identify the scenarios in which GPFS-FPO is applicable
Define Share Nothing Architecture
Describe the design and architecture of the Call Home feature and describe its functionality
List the usage/advanced usage of the Call Home feature
Describe GPFS Performance parameters and GPFS tuning considerations
Monitor a GPFS cluster
Describe flash cache capabilities
Move metadata to flash cache
# of Days:
Setting:
|
IBM: Implementing RACF Security for CICS/ESA and CICS/TS (ES84G) |
36.00 |
$3,500.00 |
|
Description: This course teaches you how to implement security for your CICS systems using RACF as the external security manager. The lecture material will first explain the implementation tasks for a single-region CICS system and then extend the scope to MRO- or ISC-connected multiregion CICS systems. In the classroom you will learn both the CICS and RACF definitions necessary to establish effective security controls for CICS.
You will learn how to:
Protect CICS system resources so that CICS itself has access but other users, such as TSO users or batch jobs, are denied access.
Define CICS terminal users to RACF and restrict the CICS regions to which these users will be allowed to sign on.
Control access to individual CICS transactions.
Control access to CICS application resources accessed by these transactions.
Control execution of CICS system programmer interface (SPI) commands used within transactions.
Control access to installation-defined resources used to support application-specific security requirements.
Control access to CICS transactions and resources when two or more CICS address spaces are connected to enable use of the CICS transaction routing and function-shipping mechanisms.
You will learn about the wide variety of mechanisms that can be used to initiate transactions within CICS and the techniques for imposing security controls on each of these mechanisms. These mechanisms include the connections to CICS using Advanced Program-to-Program Communication (APPC) either from CICS client or server products on other platforms or from other products that support APPC. You will also explore the security interface between CICS, RACF, and DB2 and learn how RACF can be used to secure CICSplex System Manager, one of the elements provided with CICS Transaction Server for z/OS.
You will have many opportunities to apply what you have learned in the classroom with hands-on lab exercises in which you actually set up the definitions in both CICS and RACF. The hands-on lab begins with exercises where you will familiarize yourself with the CICS and RACF lab environment. In the lab exercises you start with a CICS address space that has no security. First, you will protect your CICS region resources. In subsequent lab exercises, you will set up user sign-on security, protect transactions, and set up resource-level security and SPI command security. In the last lab exercise, you establish security between a terminal-owning region (TOR) and an MRO-connected application-owning region (AOR).
# of Days:
Setting:
|