-> Create custom log sources to utilize events from uncommon sources
-> Create, maintain, and use reference data collections
-> Develop and manage custom rules to detect unusual activity in your network
-> Develop and manage custom action scripts for automated rule response
-> Develop and manage anomaly detection rules to detect when unusual network traffic patterns occur
-> Describe how QRadar SIEM collects data to detect suspicious activities
-> Describe the QRadar SIEM component architecture and data flows
-> Navigate the user interface
-> Investigate suspected attacks and policy breaches
-> Search, filter, group, and analyze security data
-> Investigate the vulnerabilities and services of assets
-> Use network hierarchies
-> Locate custom rules and inspect actions and responses of rules
-> Analyze offenses created by QRadar SIEM
-> Use index management
-> Navigate and customize the QRadar SIEM dashboard
-> Use QRadar SIEM to create customized reports
-> Use charts and filters
-> Use AQL for advanced searches
-> Analyze a real-world scenario
-> Overview
-> Creating a Log Analytics workspace and a Sentinel workspace
-> Integrating log sources with Sentinel (API, syslog, and agent-based connectors)
-> Writing custom parsers using KQL
-> Creating analytic rules in Sentinel
-> Creating custom workbooks in Sentinel
-> Introduction and demo of Azure Logic Apps (two automations will be covered)
-> Creating watchlists and referencing them in rules
-> Creating automation rules and binding them to playbooks
-> Overview of Sentinel workspace
-> Learning KQL in detail
-> Understanding the schema of various log sources
-> Lab on applying custom searches using KQL
-> Analysing security incidents
-> Developing skills to correlate across multiple log sources
-> Fine-tuning rules
-> Understanding the logs of core security infrastructure such as WAF, firewall, and AD
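The following is an added example, not material from the course itself, that ties together three of the Sentinel topics above: a custom parser written in KQL, a watchlist referenced from a rule, and the query body of a scheduled analytic rule. It assumes firewall syslog lands in the built-in Syslog table with a message of the constructed form "DENY src=<ip> dst=<ip> dport=<port>", and that a watchlist named CriticalAssets with a column IPAddress has already been created; both the message format and the watchlist name are assumptions for illustration.

```kusto
// Added example (not course material): scheduled analytic rule query that
// parses raw firewall syslog into fields and joins against a watchlist.
// Assumed inputs: Syslog.SyslogMessage like
//   "DENY src=10.0.0.5 dst=203.0.113.7 dport=445"   (constructed format)
// and a watchlist "CriticalAssets" with an "IPAddress" column (assumed name).
let lookback = 1h;
let critical = _GetWatchlist('CriticalAssets')
    | project IPAddress = tostring(IPAddress);
Syslog
| where TimeGenerated > ago(lookback)
| where SyslogMessage startswith "DENY"
// Custom parser: pull structured fields out of the free-text message.
// Rows that do not match the pattern get empty columns and are dropped below.
| parse SyslogMessage with "DENY src=" SrcIp:string " dst=" DstIp:string " dport=" DstPort:int
| where isnotempty(SrcIp) and isnotempty(DstIp)
// Keep only denies whose destination is an asset on the watchlist.
| join kind=inner critical on $left.DstIp == $right.IPAddress
// Aggregate per source/destination pair in 5-minute buckets so one noisy
// scanner produces one alert per window rather than one per packet.
| summarize DenyCount = count(),
            Ports = make_set(DstPort),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by SrcIp, DstIp, bin(TimeGenerated, 5m)
// Threshold is a tuning knob; raise it if the rule is noisy for your network.
| where DenyCount >= 20
| project-away TimeGenerated
| extend SourceIpEntity = SrcIp, DestinationIpEntity = DstIp
```

When this query is saved as a scheduled rule, map SourceIpEntity and DestinationIpEntity to IP entities in the rule's entity mapping so the resulting incidents carry the addresses as entities; the summarize step is what keeps one scan from flooding the incident queue, which is the usual first fine-tuning change after a rule goes live.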