LAB2 - Solution(1) - LAB2 - Solution(1) PDF

Title LAB2 - Solution(1) - LAB2 - Solution(1)
Course Computer and Network Security
Institution Universiti Putra Malaysia
Pages 5



Description

CSF-4613

Security Intelligence

Lab 2

LAB 2: CSF-4613 Security Intelligence: Using the QRadar SIEM Dashboard.

Student Name: Ayman Ahmed
Student ID: H0011122233

Lab Objectives: Create a new dashboard and add items to the dashboard.

Lab Requirements: QRadar VM & Windows Server 2003 VM.

Introduction: The Dashboard is the default view when you log in to QRadar SIEM. It provides a workspace environment that supports multiple dashboards to display views of network security, activity, or data that QRadar SIEM collects. The Dashboard tab provides five default dashboards focused on threat and security, network activity, application activity, system monitoring, and compliance. Each dashboard shows a default set of items. The dashboard items act as launch points to navigate to more detailed data. Create a custom dashboard to focus on your network security responsibilities.

Creating a new dashboard: To create a new dashboard and add items to the dashboard, perform the following steps:

1. Power ON both virtual machines (QR & Win).
   Note: Play the VMs ahead of time, because it takes QRadar about 7 – 10 minutes to boot and get ready to work on.
2. Log in to the Windows server. (Username: administrator & password object00)
3. Open a PuTTY session on the QRadar SIEM server. Use the procedure “Logging in to the QRadar SIEM server VM” used in lab 1.
4. Generate events using PuTTY command line, type the following command:

Instructor/ Student Lab Manual

Ayman Ahmed


5. Log in to the QRadar SIEM console by opening Firefox browser, then click on “Login To QRadar” button.

6. Click the New Dashboard icon.

7. In the Name field, type your name – Student ID. E.g. Ayman-H00111222. In the description field, type My Dashboard. Then click OK.

Note: A new custom dashboard is empty by default. Therefore, you must add items to the dashboard.


8. To add items to the new dashboard, from the Add Item list, select the following items:
   I. Network activity > Flow Searches > Top Application
   II. Offenses > Offenses > Most Recent Offense
   III. Log Activity > Event Searches > Event Rate (EPS)
   You should have the same items on your new dashboard as shown below:

9. You can arrange the dashboard items by dragging each to the appropriate location on the dashboard.

10. Arrange your dashboard items as shown below


11. Take a screenshot of your new dashboard after arranging it as shown above, and paste it below:

Note: If you move a dashboard item while arranging its location and it disappears, press F5 on the keyboard to refresh the whole page and show the item.

End of the lab 

Review Questions: The following questions are based on this lab activity and week 5 PowerPoint.

Q1. List below the six default dashboards that are available in IBM Security QRadar. (You may answer this question from the QRadar interface)
Application Overview – Compliance Overview – Network Overview – System Monitoring – Threat and Security Monitoring – Vulnerability Management

Q2. Why do you create custom dashboards rather than using the default dashboard?
Create custom dashboards to focus on your security or operations responsibilities.

Q3. Which of the following IBM QRadar tabs queries and displays events?
A. ☐ Network Activity
B. ☒ Log Activity
C. ☐ Offenses
D. ☐ Assets

Q4. In IBM QRadar, the displayed dashboard, events and flows refresh every _____ unless you click Pause.
A. ☐ One hour
B. ☒ One minute
C. ☐ One second
D. ☐ One day
