Title | LAB2 - Solution(1)
---|---
Course | Computer and Network Security
Institution | Universiti Putra Malaysia
Pages | 5
File Size | 419.2 KB
CSF-4613
Security Intelligence
Lab 2
LAB 2: CSF-4613 Security Intelligence: Using the QRadar SIEM Dashboard
Student Name: Ayman Ahmed
Student ID: H0011122233

Lab Objectives: Create a new dashboard and add items to the dashboard.

Lab Requirements: QRadar VM & Windows Server 2003 VM.

Introduction: The Dashboard is the default view when you log in to QRadar SIEM. It provides a workspace environment that supports multiple dashboards to display views of network security, activity, or data that QRadar SIEM collects. The Dashboard tab provides five default dashboards focused on threat and security, network activity, application activity, system monitoring, and compliance. Each dashboard shows a default set of items. The dashboard items act as launch points to navigate to more detailed data. Create a custom dashboard to focus on your network security responsibilities.

Creating a new dashboard: To create a new dashboard and add items to the dashboard, perform the following steps:

1. Power ON both virtual machines (QR & Win). Note: Start the VMs ahead of time, because QRadar takes about 7 – 10 minutes to boot and become ready to work on.
2. Log in to the Windows server. (Username: administrator & password: object00)
3. Open a PuTTY session on the QRadar SIEM server. Use the procedure “Logging in to the QRadar SIEM server VM” from lab 1.
4. Generate events using the PuTTY command line by typing the following command:
Instructor/ Student Lab Manual
Ayman Ahmed
5. Log in to the QRadar SIEM console by opening the Firefox browser, then click the “Login To QRadar” button.
6. Click the New Dashboard icon.
7. In the Name field, type your name – Student ID. E.g. Ayman-H00111222. In the description field, type My Dashboard. Then click OK.
Note: A new custom dashboard is empty by default. Therefore, you must add items to the dashboard.
8. To add items to the new dashboard, from the Add Item list, select the following items:
   I. Network Activity > Flow Searches > Top Application
   II. Offenses > Offenses > Most Recent Offense
   III. Log Activity > Event Searches > Event Rate (EPS)
   You should have the same items on your new dashboard as shown below:
9. You can arrange the dashboard items by dragging each to the appropriate location on the dashboard.
10. Arrange your dashboard items as shown below:
11. Take a screenshot of your new dashboard after arranging it as shown above, and paste it below:
Note: If a dashboard item disappears while you are dragging it to a new location, press F5 on the keyboard to refresh the whole page so the item is shown again.
End of the lab
Review Questions: The following questions are based on this lab activity and the week 5 PowerPoint.

Q1. List below the six default dashboards that are available in IBM Security QRadar. (You may answer this question from the QRadar interface)
Application Overview – Compliance Overview – Network Overview – System Monitoring – Threat and Security Monitoring – Vulnerability Management

Q2. Why do you create custom dashboards rather than using the default dashboard?
Create custom dashboards to focus on your security or operations responsibilities.
Q3. Which of the following IBM QRadar tabs queries and displays events?
A. ☐ Network Activity
B. ☒ Log Activity
C. ☐ Offenses
D. ☐ Assets
Q4. In IBM QRadar, the displayed dashboard, events and flows refresh every _____ unless you click Pause.
A. ☐ One hour
B. ☒ One minute
C. ☐ One second
D. ☐ One day