Security Intelligence Tutorial, Demos & Uses Cases Version 137 PDF
Uploaded by Ayoub Chefai

Security Intelligence Tutorial, Demo & Use Case Videos

This document contains a growing list of very useful Security Intelligence Tutorial & Demo videos posted on
YouTube™. This file can be downloaded from this site: https://ibm.box.com/s/ich0yyiw54y0ek6s9a66xvtjku8e42rc

Security Learning Academy https://youtu.be/eTdVteVOraM July 12, 2017

X-Force and QRadar


Leveraging your FREE X-Force Subscription for QRadar (March 5, 2017) https://youtu.be/-yWepLFePJI
Getting Logs When Systems are in the Cloud:
Azure Event Hub (March 8, 2018) https://youtu.be/SylTklpn2ko
Office 365 (March 31, 2017) https://youtu.be/km-2mMR6nCc
Box (March 16, 2017) https://youtu.be/8g2AjsM9Q2g
Migration from other SIEM to QRadar (Nov 2017)
Syslog Redirect sending ArcSight logs to QRadar https://youtu.be/y2xIEkGjV1g
QRadar Community Edition (Oct/Nov 2017)
Link to Playlist: https://www.youtube.com/playlist?list=PLHh9jhztlMyom5iT0a1JCpQgeK8j3blZf

Introduction: https://youtu.be/Ii62Qy3ggnQ
CentOS installation https://youtu.be/FLMPFH9HgRM
Scripts to make the install even easier (Feb 2, 2018) https://youtu.be/eRjql-I94vk
QRadar Community Edition Install https://youtu.be/i-qA3-b6_ME
Adding a DSM https://youtu.be/acwq1c1XXwA
Adding Windows Logs to QRadar CE https://youtu.be/ZgbHcp0IUIA
Very Basic Searches https://youtu.be/bqhPWQoBaMw
Advanced Searches https://youtu.be/xf5RFFbkneI
App Exchange https://youtu.be/UX3MICfP4k4
Network Hierarchy https://youtu.be/QI_8mQFGdXE
Adding Flows https://youtu.be/AJovcvi07nw
Dealing with offenses https://youtu.be/D6qOSG2-k7M
Adding X-Force Threat Feeds https://youtu.be/YkREukAOqts
Where to look for additional information https://youtu.be/5jxWB2RzDtw
QRadar Deployment Architecture
QRadar On Cloud (QROC) (Jan 23, 2018) https://youtu.be/8KQjUrw1JnA
Part One (Jan 11, 2017) https://youtu.be/pl85saA_4BU
Part Two (Jan 11, 2017) https://youtu.be/CrCm5grwLRI
Part Three: Cloud (Jan 19, 2017) https://youtu.be/63LYYSBpTeQ

QRadar and Sysmon (from SysInternals)


Sysmon Introduction (Aug 7, 2017) https://youtu.be/Xl31zNp4YUY
Sysmon PowerShell Use Case 1 (Aug 7, 2017) https://youtu.be/PWiw-RpLIbw
Sysmon PowerShell Use Case 2 (Aug 7, 2017) https://youtu.be/_eaMMo8sPtA
Sysmon PowerShell Use Case 3 (Aug 7, 2017) https://youtu.be/sZUAuYpSe7Q
Sysmon Use Case 4 Bogus Windows Process (Aug 15, 2017) https://youtu.be/gAS-B9gb3RY
Sysmon Use Case 5 Nasty Injection & Encoded Attacks (Aug 15, 2017) https://youtu.be/kC2hIJxqF8Q

1 Security Intelligence Tutorial, Demo & Use Case Videos


Sysmon Use Case 6 Detecting other Libraries (Aug 15, 2017) https://youtu.be/omWnyACNEcM
Sysmon Use Case 7 Privilege Escalation (Aug 21, 2017) https://youtu.be/yitGRL-WJCM
Sysmon Use Case 8 Privilege Escalation Cont. (Aug 21, 2017) https://youtu.be/8u6G6SEw3kE
Sysmon Use Case 9 More Privilege Escalation Detection (Aug 28) https://youtu.be/0Wy59Otr_Ag
Sysmon Use Case 10 Creating an Admin Account (Aug 28, 2017) https://youtu.be/bJgaFSjuMSs
Sysmon Use Case 11 Detecting Named Pipe Impersonation (Aug 31, 2017) https://youtu.be/pSBQ7NabDUY
Sysmon Use Case 12 Detecting Mimikatz (Aug 31, 2017) https://youtu.be/gKa_CZAz3Jc
Sysmon Lateral Movement Detection, Example One (Sept 27, 2017) https://youtu.be/IBEIN9sl4lk
Sysmon Lateral Movement Detection, Example Two (Oct 4, 2017) https://youtu.be/whjpScDYaY4
Sysmon Lateral Movement Detection, Example Three (Oct 10, 2017) https://youtu.be/7PXzi3pbmFo
Sysmon WinCollect Stand Alone Install & Config (Aug 7, 2017) https://youtu.be/4Hx1rm8UX5k
Sysmon Install & Config (Aug 7, 2017) https://youtu.be/vqGoXQEK8pA
Sysmon Rules and Funct. Install and Test (Aug 7, 2017) https://youtu.be/T5SGPhmIAdw
Sysmon Kali (Aug 7, 2017) https://youtu.be/2816tEAKFuw
Sysmon Patching is not Enough (Aug 7, 2017) https://youtu.be/D-_941mrGHI
Sysmon Installation Notes (Aug 31, 2017) https://youtu.be/xIu9vD7Nlw0
Deploying Sysmon easily with BigFix (Sept 11, 2017) https://youtu.be/580o_c3UYNc
Sysmon Content Pack detecting BadRabbit (Oct 27, 2017) https://youtu.be/eyHuf33LD5k
Sysmon and Watson chasing BadRabbit (Nov 16, 2017) https://youtu.be/ah8rmpfS6-k
QRadar Content Management Tool (CMT)
Migrating QRadar Content Using CMT Part One (Dec 21, 2017) https://youtu.be/MBoaYUZCnZQ
Migrating QRadar’s Network Hierarchy with an App (Dec 25, 2017) https://youtu.be/oT87FrqT6_0
Migrating one Specific Use Case (Dec 26, 2017) https://youtu.be/sdduMc-Cnqc

QRadar Multitenancy, Network Hierarchy and Domains


QRadar Multitenancy (Nov 26, 2017) https://youtu.be/Xrn7q9v3vAk
Basics of CIDR Ranges (Nov 26, 2017) https://youtu.be/MmA0-978fSk

QRadar Tuning and Other Concepts


Tuning: Introduction https://youtu.be/xhrYeD3Pxiw
Server Discovery: https://youtu.be/gdQKS9HBEa8
Building Blocks and Reference Sets: https://youtu.be/UmKMbfmjqKQ June 14, 2017
Network Hierarchy Part One https://youtu.be/mNyd8FNns_4 June 14, 2017
Network Hierarchy Part Two: https://youtu.be/JagB0Ctd7tg June 14, 2017
Tuning wrap up https://youtu.be/OGiIi39azT4 June 14, 2017
Visualizing the content of Maps of Sets https://youtu.be/3QKCWcw7Src Sept 21, 2017
QRadar Network Insights and DNS
Phishing, the attacker's view (Feb 14, 2018) https://youtu.be/tyKWrKUEirI
QRadar Flow Tutorial. Part One (Feb 12, 2018) https://youtu.be/RWf3AmWOk0U
QRadar Network Insights QNI. https://youtu.be/Kn8eC-L_dbs
Defending against DNS attacks. CyberSentinel. Part One https://youtu.be/7ep5V2sfLjs
Defending against DNS attacks. CyberSentinel. Part Two https://youtu.be/IZVFHM6dYao

QRadar Time Series


Time series Part 1 https://youtu.be/rLPQ1T9eWLA
Time series Part 2 https://youtu.be/6qklDxtjoFo


QRadar Why isn't my rule firing? Series


QRadar Why isn't my rule firing? Part 0
You are going to love this troubleshooting tool https://youtu.be/VkwggreENSs
QRadar Why isn't my rule firing? Part 1
How to collect & replay logs https://youtu.be/lBUFRGvfnWs
QRadar Why isn't my rule firing? Part 2.
How to replay flows https://youtu.be/UcVIE8ObWK4
QRadar Why isn't my rule firing? Part 3.
Our first rule https://youtu.be/I-ZP-344xek
QRadar Why isn't my rule firing? Part 4.
False Positives https://youtu.be/LuEEoix4usU
QRadar Why isn't my rule firing? Part 5.
Exporting and Importing Rules https://youtu.be/VWTs3MtUF8M
QRadar Why isn't my rule firing? Part 6.
Exporting elements from dev. to production https://youtu.be/FdO4kFjpcKU
QRadar Why isn't my rule firing? Part 7.
Troubleshooting multi test rules https://youtu.be/nJbFK7OX9es
QRadar Why isn't my rule firing? Part 8.
Case Sensitivity and Network Hierarchy https://youtu.be/xM9iM33vuSA

QRadar Advisor with Watson


Configuration and one example (Jan 10, 2018) https://youtu.be/GiIUqT79kaI
Another example (Jan 10, 2018) https://youtu.be/UY1JbxoKLh0
CozyDuke use case https://youtu.be/VGEz1mKqtaQ
QRadar Advisor, Beta: https://youtu.be/2dFd7Y2pTZQ
QRadar Apps
Carbon Black (Jan 23, 2018) https://youtu.be/hN4BatUgI-Q
Rule Explorer (Jan 19, 2018) https://youtu.be/YXC04mzuR5Q
QRadar Use Case Series
SMS Notifications from QRadar July 28 https://youtu.be/T3OryGDucQg
Pulse 1.0.2 July 28 https://youtu.be/7yMm5o7h_0o
Creating a rule that fires with internal comms to C&C (or bad site) https://ibm.biz/BdrjyD
Monitoring VPN access from countries you do not do business with https://ibm.biz/BdrjyR
Detecting a remote scan followed by attempts to login https://youtu.be/QewdWiGRHHA
Detecting multiple login failures to compliance servers https://youtu.be/BRk3JFRB55E
Detecting a chat to a malicious site using non-standard ports https://youtu.be/qa0EMWr9-bA
Detecting UDP scans and getting flows from the IPS https://youtu.be/Slbe85LU8fI
Detecting Phishing e-mails https://youtu.be/IRsuNX3pKBo
QRadar Detecting DDoS attacks and Superflows https://youtu.be/dpO8MNzS-UA
Populating Reference Sets from Soltra and other threat sources https://youtu.be/VaoNMy94f94
Detecting Successful Attacks with QRadar Part One https://youtu.be/xr-GHzklr6g
Part Two https://youtu.be/Rb0Vo6XznZY
Part Three https://youtu.be/rW8QHBLnD1M

QRadar Detecting Phishing & Ransomware

QRadar QNI Quad9 and Reaper (Dec 22, 2017) https://youtu.be/KWUpet9Y9Vw
QRadar Flows Detecting Reaper Malware (Dec 6, 2017) https://youtu.be/f0kilm-zBNU
Detecting phishing via hashes using QNI (Aug 18, 2017) https://youtu.be/EsqpXIaQlBA
Discover Hidden Malware with QRadar Part 1: Introduction (July 2, 2017) https://youtu.be/-Wfb5I0pJYg
Discover Hidden Malware with QRadar Part 2: SMB exploit (July 2, 2017) https://youtu.be/_lwJxHd68jY
Discover Hidden Malware with QRadar Part 3: More (July 2, 2017) https://youtu.be/1-bvzAIeY_w
Discover Hidden Malware with QRadar Part 4: Petya Content Pack (July 5, 2017) https://youtu.be/J5IO3X8GgXQ
Petya (June 28, 2017) https://youtu.be/7jC9UCYl7TA
New Petya: Detecting it with QRadar and PAM (June 29, 2017) https://youtu.be/VJR3SkWXMYE
WannaCry Part 1 IPS and QRadar with before the breach detection https://youtu.be/pt2KK35TzBY
WannaCry Part 2 WannaCry content pack from App Exchange https://youtu.be/5YHi1L9Nqfg
WannaCry Part 3 Feed your WannaCry Ref Set from the X-Force https://youtu.be/vIYk69MYsp8
WannaCry Part 4 QVM detecting WannaCry exploited Vulnerabilities https://youtu.be/BO5AWlj_qwQ
WannaCry Part 5 Content Pack Update, Payload to Hex and Watson https://youtu.be/DUSTTQJxEuM
QRadar stopping Ransomware in its tracks. Part 1 https://youtu.be/ENYbSiUsfaE
QRadar stopping Ransomware in its tracks. Part 2 https://youtu.be/mpykyoWlnGI
QRadar stopping Ransomware in its tracks. Part 3 https://youtu.be/CVlBI6SnpgI
QRadar and BigFix Stop Ransomware Autofast. Part One https://youtu.be/P90e4iEJ32s
QRadar and BigFix Stop Ransomware (Custom Action) Part Two https://youtu.be/sJOovKKX_SM
QRadar and BigFix Stop Ransomware (Custom Action) Part Three https://youtu.be/-hGsYEDBbi8
QRadar and BigFix Stop Ransomware (Custom Action) Part Four https://youtu.be/k0fKj4jAFXs
QRadar detecting Phishing and Ransomware https://youtu.be/BTRxRpMMmpI
Detecting Fraud with QRadar
Detecting fraud, Dormant accounts awakening https://youtu.be/MjS16uP5cHY
Detecting fraud, A URL with key word from a bad IP https://youtu.be/_ZDj18Swzcg
Detecting fraud, account takeover https://youtu.be/oUp3HYVrfQU
Detecting fraud, more examples https://youtu.be/llLQ8DlKhQQ
QRadar User Behavior Analytics
UBA 2.5 (Feb 1, 2018) https://youtu.be/UDp9n5c1YDc
UBA 2.4 (Jan 8, 2017) https://youtu.be/5WZXsWfi9tc
UBA version 2.0 with Machine Learning https://youtu.be/RgF1RztR1yg
UBA version 1.1 https://youtu.be/5-VWAlPHZ6w
UBA version 1.2 https://youtu.be/fe3OwEUL7Vc
UBA example launching restricted programs https://youtu.be/OA5A0pYs93I
Detecting insider threat: USB inserted + bad website visited https://youtu.be/mV_cFTw__PQ
Custom offenses contributing to UBA risk score https://youtu.be/BzjCeADp5fo
QRadar Logs from Cloud and Analytics
QRadar Cloud Analytics App version 1.0 https://youtu.be/1fJPc6jdrq4
Box logs into QRadar https://youtu.be/8g2AjsM9Q2g
QRadar and Office 365 https://youtu.be/km-2mMR6nCc
QRadar DSM Editor
DSM Tutorial Part One (Jan 24, 2018) https://youtu.be/LRhNMejQFNM
QRadar DSM Editor Tutorial in less than 10 minutes https://youtu.be/KF40bba_kp0
QRadar & Integration
Best Practices for Protecting Databases (Nov 25, 2017) https://youtu.be/rRaxHotyAQk
AppScan and QRadar
QRadar and AppScan Integration (June 20, 2017) https://youtu.be/ZkGGuGzhhs4
QRadar and AppScan Integration: The Details (June 20, 2017) https://youtu.be/2FCIYlNqXzQ

Resilient and QRadar Integration https://youtu.be/WR1AsL8ia7U
BigFix App for QRadar Version 2.0 (Nov 23, 2017) https://youtu.be/shuHRzBV1Bw
The Value of QRadar and BigFix Integration (Nov 23, 2017) https://youtu.be/gXQMQHzbB-I

QRadar and BigFix: 3 Reasons in 5 minutes (Aug 11, 2017) https://youtu.be/yXErfcfZH04
BigFix App for QRadar Part One https://youtu.be/HXJuoVz_58c
BigFix App for QRadar Part Two https://youtu.be/r98wg1vMGsg

Understand QRadar/BigFix Integration in about 15 minutes:
QRadar and BigFix Integration Part 1. Get vuln. data from BigFix https://youtu.be/1YUrzywMFgQ
QRadar and BigFix Integration Part 2. Get real time vuln. data from BigFix https://youtu.be/zLKQ6CbDTKU
QRadar and BigFix Integration Part 3. Getting logs from BigFix https://youtu.be/ZEO6Ll5QlAc
QRadar and BigFix Integration Part 4. New Dashboard in BigFix Console https://youtu.be/64HMrcS2w00

QRadar IPS & BigFix helping to fight Ransomware & other attacks https://youtu.be/UELw-sZkwjA
Technical Details https://youtu.be/HMs6mjDvwQo
IPS and QRadar Forensics Detecting and investigating Ransomware https://youtu.be/IhSJQT9d8pk
An Integrated Immune System for Cyber Threats https://youtu.be/xneGcpgO_NM
Integration whiteboard
QRadar Network Protection Connector https://youtu.be/73SMeSAXQ4c
Dealing with Vulnerabilities https://youtu.be/chAu5jrYLTs
Databases and Mainframes https://youtu.be/JRzlb10NQN4
Using IPSs more effectively https://youtu.be/9qYhANNBNPk
Dealing with Advanced Malware https://youtu.be/uXELdLirLm4
Mobile and Patching https://youtu.be/cHDIwNydkYw
Leveraging Identity Management Intelligence https://youtu.be/8GhnhIUgYy4
Web Access Management https://youtu.be/XbV0O_n5sB8
X-Force https://youtu.be/-lsu--1DPCg
Forensics https://youtu.be/BvTPy9GKHBU
Integration Demos
Guardium, IPS and Carbon Black (Jun 2017) https://youtu.be/XYHnumgJFcM
Part One https://youtu.be/iHaHS9xTsXE
Part Two https://youtu.be/cRavhpqfVqs
Part Three https://youtu.be/7pWRqYtNdRU
Part Four https://youtu.be/lQE_WEG22WY
Part Five https://youtu.be/aUqfIef8Uog
ISIM and QRadar Integration examples https://youtu.be/YvbNlQ4If-Q
The symbiotic relationship between BigFix and QVM https://youtu.be/tPValdswHwA
Technical Details https://youtu.be/2MfHziZnGfo
Mitigate Attacks with IBM BigFix & QRadar https://youtu.be/sCncDEDI138
Detect & remediate vulnerabilities faster https://youtu.be/NUJZBcOiqaI
BigFix Query https://youtu.be/teUsb6Wa8tQ
IPS, BigFix, QRadar SIEM/QVM/QRM integration demo https://youtu.be/rW8QHBLnD1M
Steps to configure these technologies:
“BigFix to QRadar” configuration https://youtu.be/EyNFI4vuKSc
“QRadar to BigFix” configuration https://youtu.be/EcxicHXBgkA
QVM scanner configuration https://youtu.be/B30jZKvbrnc
IPS configuration (alerts and flows) https://youtu.be/v62LsbmH6xE
IPS and QRadar
QRadar and IPS Automatic Quarantines. Part One https://youtu.be/acWefmmkISc

QRadar and IPS Automatic Quarantines. Part Two https://youtu.be/AtJigoIkgBA
Palo Alto Integration
Configure Palo Alto to send Logs to QRadar. Part 1 https://youtu.be/kLecgZEsOjQ
Configure Palo Alto to send NetFlows for QRadar. Part 2 https://youtu.be/HuS7J07czAY
Configure Palo Alto and QRadar to automatically block bad IPs. Part 3 https://youtu.be/-lV3tVK6a1Y
Configure Palo Alto and QRadar to automatically block bad IPs. Part 4 https://youtu.be/SWmcoKkw60s
Carbon Black Integration
QRadar and Carbon Black Integration https://youtu.be/YbuzkQMAwcE
QRadar, Carbon Black Response and IBM BigFix https://youtu.be/D0CVbItza9g
Guardium, QRadar, IPS and PIM working together (July 2, 2016) https://youtu.be/8ht6QL9E2FY
Protecting mainframes, DBs and AD https://youtu.be/PzSv5mYci1Q
IBM Mainframe
Real time logs from mainframes Part One https://youtu.be/G7uNEDsEfJk
Real time logs from mainframes Part Two https://youtu.be/59qYMaoSing
Is the mainframe your SIEM's dark spot? https://youtu.be/lD8rR4IQhQs
Mainframe does not have to be a security silo https://youtu.be/9tDItmjcVU8
How to easily collect mainframe events https://youtu.be/A7vTtgYP-Qw
Health Check for mainframes using RACF or ACF/2 https://youtu.be/Ur9mS29n4Zs
i-Series/AS/400/OS400 https://youtu.be/Ca-eYpLnlIw
How to easily collect
Guardium Integration
Sending logs from V10 (April 2, 2018) https://youtu.be/TfpItWTJIJE
Integration Look https://youtu.be/dPkYuPKunWs
Vulnerabilities https://youtu.be/OahQLas_fPk
Guardium & QRadar Demo (May 13, 2013) https://youtu.be/s0_lAota9ts
AppScan, ISAM, IPS & QRadar Demo https://youtu.be/_Sr0BBHkAd4
Bidirectional Integration https://youtu.be/7wbqdzdI4MM
IPS Integration - Quarantine from QRadar to IPS https://youtu.be/zhdB55Zjo9s
Big Data
QRadar BigData extension https://youtu.be/l_4ASz0cOQs
QRadar basics and Big Data https://youtu.be/i6wezpafLNo
AQL Tutorial
AQL Series - Quick Filter and UI Searches (June 26, 2017) https://youtu.be/oXLiTVp_6sY
AQL Series - AQL Introduction (June 26, 2017) https://youtu.be/J_xeOGq3b40
AQL Series - Where, Group, Having, Order (June 26, 2017) https://youtu.be/0E1sVKuWMmg
AQL Series - Counting (June 26, 2017) https://youtu.be/Pf3BO1cNa80
AQL Series - Ref Set, Assets and UBA (June 26, 2017) https://youtu.be/VmQodzEYBKk
AQL Series - Health Metrics and X-Force (June 26, 2017) https://youtu.be/cPK6nW0667o
AQL Series - More Health Metrics and API calls (Unannounced) https://youtu.be/q5vyQlL2Olg
AQL Series - Payload, Indexed and Regex Searches (Unannounced) https://youtu.be/_9_JgEPbZvU

Part 1. Documentation and basic syntax. https://youtu.be/-ZHVubxGO2s
Part 2. Very useful AQL functions: https://youtu.be/KfXrij5hGSM
Part 3. Leveraging the X-Force calls https://youtu.be/Bpq-T8pgNwI
Part 4. Investigating APTs using AQL https://youtu.be/n99ttBe4WcQ
Part 5. Nested IF/ELSE and CASE statement https://youtu.be/aoRiVYnlIQk
Part 6. Custom AQL functions https://youtu.be/6z8zjXw-xE4
Part 7 AQL queries to a table from LDAP https://youtu.be/VTlnanRdfXQ
QRadar RESTful API
How to use the API https://youtu.be/pPC23DDYiVc
Connecting to QRadar API (based on 7.2.6 demo) https://youtu.be/30Tq-oWLlRw
CyberSentinel
QRadar. Defending against DNS attacks. CyberSentinel. Part One https://youtu.be/7ep5V2sfLjs

QRadar Application Example with AQL via REST API
Part 1 https://youtu.be/XE9UBI9spQ8
Part 2 https://youtu.be/Kd96J3AU9cs
Integration AppScan, IPS and QRadar
https://youtu.be/fUmYZ0TpKes
https://youtu.be/NMaNCOwe6C4
https://youtu.be/7wAE4TnyERI
QRadar & IBM Control Desk (ICD/SCCD) Integration https://youtu.be/3ZctrDd41aw
Maas360 and QRadar Integration https://youtu.be/Vvilnt2pQ0A
Why QRadar?
What makes QRadar So Special (Oct 6, 2017) https://youtu.be/dpMn0GrAsCg
Flows Tutorial. Part One (Feb 12, 2018) https://youtu.be/RWf3AmWOk0U
QRadar Flows https://youtu.be/mlm_g5vqk1k
Why QRadar is so special (in 30 minutes)
Part One https://youtu.be/ditD3aD4Y-Q
Part Two https://youtu.be/Uoyl9y-wUZI
Part Three https://youtu.be/2Y6pwDdLCwU
Why QRadar delivers value so rapidly https://youtu.be/LqnNkReUXe4
What makes QRadar so special?
Part One https://youtu.be/g749DASrzgU
Part Two https://youtu.be/HV6X-NLD4c0
What makes QRadar so Special (updated with QVM) https://youtu.be/-RU-PSsddmc
Some of QRadar 7.2.6 Features https://youtu.be/onTkiCm2yJA
QRadar App Exchange (based on 7.2.6 demo system) https://youtu.be/1M7JUBJJE1c
QRadar App - QRadar User Behaviour Analytics https://youtu.be/ARVsuQaSF9E
Easy to administer (based on 7.2.6 demo system)
Customizing QRadar https://youtu.be/HpE6mU_NAMw
Looking for anomalies https://youtu.be/iAv8cZAqN2A
Creating behaviour, anomaly &threshold rules https://youtu.be/LgksZvchS38
Searches in QRadar https://youtu.be/sYcfxB0p3oU
QRadar 7.2.7 new features in 9 minutes https://youtu.be/WQ3IZfYPcbg
QRadar SIEM
QRadar Server Discovery https://youtu.be/gdQKS9HBEa8
QRadar Taxonomy https://youtu.be/5RcsaHOBKX8
Tuning QRadar Part 1 https://youtu.be/xhrYeD3Pxiw
QRadar SIEM Core Foundation Enablement https://youtu.be/hlrZPsz82pM
QRadar walkthrough (QRM, QVM, AppExchange, QRadar Visual Analytics and Incident Overview) https://vimeo.com/177539234
A look inside IBM Security QRadar / Offense Workflow https://youtu.be/69rnM_hR9Lw
QRadar Offense Investigation Walkthrough https://vimeo.com/177564412
Workflows in QRadar (based on 7.2.6 demo system) https://youtu.be/u7u4J4lcfdc
Security Intelligence
Part One: https://youtu.be/eedzh6U5AEk
Part Two: https://youtu.be/Bck5jNRZf3w
QRadar Rule creation: Baseline of trusted users https://youtu.be/kRVsbxsYHg0
Creating Searches, Rules and Offenses using Categories https://youtu.be/hlw7npbq0j0
QRadar and Network Flows
Simple analogy to explain the value of flows https://youtu.be/T3Z8bBp7ylc
The power of flows https://youtu.be/C9UUuVZ1TmE
The value of flows https://youtu.be/8fXII1rXFHQ
Explaining QFlows (and adding them to QRadar) https://youtu.be/r1r3ontFVfw

Data Loss and Flows https://youtu.be/l_ZM4IzxGno
DDoS and Superflows https://youtu.be/XDbcG000zHw
Anomaly on aggregated search https://youtu.be/lqhUYVUWihI
Policy Violation https://youtu.be/Am8O6tgmUpY
Offense Chaining https://youtu.be/TM5sAgencY8
Unauthorized user https://youtu.be/aD9136ZrUkg
Detecting beaconing https://youtu.be/X1auYa_nTAQ
Reports (based on 7.2.6 demo system) https://youtu.be/VslO4_4Xz2Q
Asset DB in QRadar (based on 7.2.6 demo system) https://youtu.be/7dIOdpk3KF4
Advanced Searches
Introduction https://youtu.be/Wt03C9SxO3w
Editing some searches https://youtu.be/L6UwGCG3DPw
Detecting beaconing at irregular intervals https://youtu.be/GBEGyV11kMg
Creating reports with application names and user names https://youtu.be/ODgBM2viXTg
Using sophisticated searches when investigating offenses https://youtu.be/kB1Hi--Vs8Y
QRadar Tutorial (based on old demo system)
-1 Offenses 1025, 885 and 953 https://youtu.be/h63fyGlprTw
-2 Offenses 911, 995 and 929 https://youtu.be/N9ul6gfGimc
-3 Offenses 916, 938 and 906 https://youtu.be/624_AFAaF78
-4 Offenses 919, 898 & QRM Policy https://youtu.be/dAMjGijuVmY
-5 QRM Simulation of Changes https://youtu.be/KywEpLd3m9k
QRadar Offenses (based on 7.2.6 demo system)
QRadar detects exploited vulnerabilities https://youtu.be/OlkmbKoHPAI
Detecting Jailbroken iPhones https://youtu.be/cvJIoHYB0f0
Either in the building (badged) or remote (VPN) but not both https://youtu.be/igrZ_FYME4c
Detecting stolen credit card data https://youtu.be/PhK6TKnMWrE
Offenses with one thing in common https://youtu.be/DH_J6rEc09o
QRadar is easy to administer (based on 7.2.6 demo system)
Customizing QRadar https://youtu.be/HpE6mU_NAMw
Detecting anomalies https://youtu.be/iAv8cZAqN2A
Creating behavior, anomaly and threshold rules in QRadar https://youtu.be/LgksZvchS38
Searches in QRadar https://youtu.be/sYcfxB0p3oU
QRadar Tuning – Tutorial https://youtu.be/NZuTruTxMeY
QRadar Testing rules with LogRun, TCPReplay & Right-click https://youtu.be/LHv6_JjhFU4
QRadar Domain Segmentation & Multi-Tenancy (Concept & Demo) https://youtu.be/kuoxqUeOEWs
QRadar Detecting DDoS attacks and Superflows https://youtu.be/dpO8MNzS-UA

QRadar Risk & Vulnerability Managers

QVM Dashboard https://youtu.be/jjBg5c0_etk
QVM and QRM fast-pace tutorial https://youtu.be/C6TqOPGy1zc
QRadar Vulnerability Manager Demo https://youtu.be/7gHmVZ-f9IY
https://youtu.be/Vg3u6Z0dZ4U
QRadar Risk Manager Tutorial
1- White Board Intro https://youtu.be/vj2mCONlRQQ
2- Connections & Topology https://youtu.be/osxDKH6zpZw
3- Policies https://youtu.be/QCcEzBQhyEk
4- More on Policies https://youtu.be/fXNa_-HU35M
5- Simulation of Changes https://youtu.be/KywEpLd3m9k
QRM & QVM modules (based on 7.2.6 demo system)
QRadar Vulnerability Manager https://youtu.be/EY4f94244j8
QRadar Risk Manager https://youtu.be/wu48D-bYczw

QRadar Incident Forensics
Introduction https://youtu.be/KPl4v1esscw
Use case #1 https://youtu.be/-2de18vjxRU
Use case #2 https://youtu.be/vPJshiECOvk
Use case #3 https://youtu.be/NqGqUyUfY3k
Use case #4 https://youtu.be/28Y39DbwmsQ
Nothing escapes the scrutiny of QRadar Forensics (based on 7.2.6) https://youtu.be/uhGGboQyQdY
File Analysis, looking for suspicious files (based on 7.2.6) https://youtu.be/Cb-E7Et389U
Image Analysis (steganography) & Quick Start View (based on 7.2.6) https://youtu.be/DJ_f1um-j6k
VGrid Surveyor Link Analysis and Query Builder (based on 7.2.6) https://youtu.be/QShGR_naFxo
More on File, Image and Link Analysis (based on 7.2.6) https://youtu.be/Lar7B9Mj6qc
Advanced Persistent Threats
What are APTs? https://youtu.be/1qFga_DJs0c
An average of 225 days to detect an APT… https://youtu.be/_hEX9vSmTII
Advanced Persistent Threats
Part One https://youtu.be/Fzl34he-qB8
Part Two https://youtu.be/9vaEtX0d2gg
Part Three https://youtu.be/LsYYtB5-WD0
Part Four https://youtu.be/m-1Gr1UK3k8
MISC.
Quad 9 https://youtu.be/b7vxSLR2ptI
What is "Cognitive" Security? https://youtu.be/WOl3qENuE_g
Cognitive Security - IBM Security Summit 2016 https://vimeo.com/171964887
Watson for Cyber Security https://youtu.be/xG9jazUpEus
Dealing with ShellShock https://youtu.be/jN2zXlQ520E
IPS: Snort Engines can be easily fooled https://youtu.be/xSVT1aOIM2E
Security Cloud Enforcer - Introductory Whiteboard https://youtu.be/1aIhaLxEPew
Why is Computer Security so hard? https://youtu.be/ox_DDz3oLgc
Cross Site Scripting https://youtu.be/llry5ZxTDUM
