IBM QRadar’s DomainTools Application - PowerPoint PPT Presentation

About This Presentation
Title:

IBM QRadar’s DomainTools Application

Description:

QRadar is a single architecture that allows you to analyze logs, flows, vulnerabilities, users, and asset data all in one place. It detects high-risk threats using real-time correlation and behavioral anomaly detections. It has several data points with high-priority incident detections. It gives you complete control over your network, software, and user behavior. It also has automated regulatory enforcement capabilities, including data collection, correlation, and reporting.

Provided by: infosectrain

Transcript and Presenter's Notes

Title: IBM QRadar’s DomainTools Application


1
IBM QRadar's DomainTools Application
www.infosectrain.com sales_at_infosectrain.com
2
QRadar is a single architecture that allows you
to analyze logs, flows, vulnerabilities, users,
and asset data all in one place. It detects
high-risk threats using real-time correlation and
behavioral anomaly detections. It has several
data points with high-priority incident
detections. It gives you complete control over
your network, software, and user behavior. It
also has automated regulatory enforcement
capabilities, including data collection,
correlation, and reporting.
3
  • QRadar is a Security Information and Event
    Management (SIEM) platform that collects data
    from network devices and organizations. It's a
    SIEM product that is specifically designed for
    businesses to link to operating systems, host
    assets, applications, vulnerabilities, user
    activities, and behaviors. QRadar is used to
    examine log data and network flows in real-time
    so that malicious activities can be identified
    and stopped in the shortest time possible. As a
    result, QRadar ensures that the damage to its
    host company is either avoided or minimized.
  • The IBM QRadar Applications
  • IBM QRadar offers numerous applications, which
    you can browse at
    https://exchange.xforce.ibmcloud.com/hub. Some of
    the applications are:
  • DomainTools App for IBM QRadar: With domain name
    profiles and risk ratings, the DomainTools App
    for IBM QRadar enables threat hunting and
    comprehensive incident response.
  • Qualys App for QRadar: The Qualys App for QRadar
    allows you to see your network vulnerabilities in
    IBM QRadar.
  • QRadar Log Source Management: The IBM Security
    QRadar Log Source Management app has been fully
    redesigned to allow you to access, create, edit,
    and delete log sources.
  • Recorded Future for IBM QRadar: IBM's Recorded
    Future App for QRadar allows for advanced IOC
    enrichment, lookups, correlations, and searches.


4
  • Data collection in QRadar SIEM
  • IBM QRadar App For Splunk Data Forwarding: The
    IBM QRadar App For Splunk Data Forwarding makes
    it simple to forward data from your Splunk
    instance to QRadar, allowing for more security
    use cases.
  • IBM QRadar Data Synchronization App: The IBM
    QRadar Data Synchronization App is a data
    resiliency solution that helps businesses boost
    IT resiliency and disaster recovery.
  • QRadar DomainTools App
  • The DomainTools App carries a lot of benefits for
    the security team. Some of the critical
    capabilities of the app include:
  • In QRadar, the DomainTools Threat Hunting
    Dashboard displays a dynamic view of threats
    associated with domains observed in the user's
    environment.
  • It creates offenses with DomainTools' patented
    domain risk scores based on proximity.
  • Without leaving QRadar, it investigates domain
    names in context.
  • Threat hunting should be based on key aspects of
    a domain name's registration profile.
  • QRadar with InfosecTrain
  • If you want to learn QRadar, you can choose
    InfosecTrain's QRadar SIEM Security Training, as
    we are one of the leading training providers. Our
    highly trained and knowledgeable instructors have
    a thorough understanding of the content. We place
    a heavy emphasis on laying a solid foundation and
    providing candidates with technical knowledge.


5
QRadar's architecture is three-tiered, with
collectors at the bottom. The processor is placed
above the collectors, leaving the console at the
top. QRadar collectors are connected to all
network and cloud assets and apps. All collectors
transmit logs to the processor for correlation
and analysis, with the findings shown in the
QRadar interface.

The first layer is data collection, which
collects data from your network, such as events
or flows. The all-in-one appliance may gather
data directly from your network, or you can
collect event or flow data via collectors such as
QRadar Event Collectors or QRadar QFlow
Collectors. Before sending to the processing
layer, the data is parsed and normalized. When
raw data is processed, it is normalized to be
presented in an organized and helpful way.

Event data describes events in the user's
environment at a particular moment in time, such
as user logins and emails. Flow data is
information about network activity or sessions
between two hosts on a network that QRadar
converts into flow records. QRadar converts or
normalizes raw data into IP addresses, ports,
byte and packet counts, and other information,
which is then recorded in flow records. This is
effectively a two-host session. In addition to
capturing flow information using a Flow
Collector, the QRadar Incident Forensics
component supports complete packet capture.
6
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    companies
  • Wide range of professional training programs,
    certifications and consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    or customized training programs curated with
    professionals of over 15 years of combined
    experience in the domain

7
Our Endorsements
8
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
9
Our Trusted Clients
11
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-722-11127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com