• Create custom log sources to utilize events from uncommon sources
  • Create, maintain, and use reference data collections
  • Develop and optimize custom rules to detect indicators of an attack or policy violation

Key topics

  • Module 1: Creating custom log sources
  • Module 2: Leveraging reference data collections
  • Module 3: Developing custom rules


  • Security administrators
  • Security technical architects
  • Offense managers
  • Professional services using QRadar SIEM
  • QRadar SIEM administrators


  • IT infrastructure
  • IT security fundamentals
  • Linux
  • Microsoft Windows
  • TCP/IP networking
  • Log files and events
  • Network flows
  • You should also have completed the IBM Security QRadar SIEM Foundations course.


Two Days