QRadar EDR: Integrating with QRadar SIEM

In this course you learn how to integrate QRadar EDR and SIEM by creating an API application in QRadar EDR and by adding a new log source in QRadar SIEM to add endpoint detection and alerts to QRadar SIEM.

Integrating QRadar EDR and SIEM amplifies the power of QRadar XDR (extended detection and response) by leveraging AI and automation opportunities.

Having advanced and automated response capabilities enables analysts to focus on the fight in front of them.

This course applies to version 3.12 of the on-premises IBM Security QRadar EDR offering.

In this course you learn to do these activities:

• Configure an API application in QRadar EDR
• Install a new log source in QRadar SIEM
• Configure the correct protocol for a log source in QRadar SIEM
• Analyze endpoint alerts from the SIEM dashboard using data from EDR

This course is tailored to IT security analysts in a Security Operations Center (SOC) environment who are tasked with endpoint protection and threat hunting, as well as QRadar EDR administrators, incident responders, and managed service security providers (MSSP).

Unit 1: Integrating with QRadar SIEM

• Configure an API application in QRadar EDR
• Install a new log source in QRadar SIEM
• Configure the correct protocol for a log source in QRadar SIEM
• Analyze endpoint alerts from the SIEM dashboard using data from EDR

Unit 2: QRadar EDR - integrating with QRadar SIEM - Lab

• Exercise 1 - Configuring QRadar EDR and QRadar SIEM integration
• Exercise 2 - BitTorrent is run on an endpoint 
• Exercise 3 – Malware detected (tryme.exe)