IBM QRadar SIEM Advanced Topics – BQ204G

Course Name:

IBM QRadar SIEM Advanced Topics


Skill Level:



ILO – Instructor Lead Online Training


2 Day/s

Request Quote


Can you use QRadar SIEM to correlate various events and flow and trigger alerts of suspicious events? Learn to process uncommon QRadar events, work with reference data, custom rules and actions.

QRadar SIEM provides deep visibility into network, user, and application activity. It provides collection, normalization, correlation, and secure storage of events, flows, assets, and vulnerabilities. Suspected attacks and policy breaches are highlighted as offenses. 

This 2-day course walks you through various advanced topics about QRadar such as custom log sources, reference data collections and custom rules, X-Force data and the Threat Intelligence app, UBA and QRadar Advisor, tuning and custom action sCR – Classroom Trainingipts. The course also discusses integration with IBM SOAR. Hands-on exercises reinforce the skills learned.


The lab environment for this course uses the IBM QRadar SIEM 7.4 platform.

Enroll here

Please enable JavaScript in your browser to complete this form.
Multiple Choice
How did you hear about us?
Yes, I would like to receive special offers from CRS.
Yes, I would like to receive special offers from CRS.

Target Audience:

This course is designed for security administrators and security analysts.



Students should be knowledgeable about the following topics:

  • IT infrastructure
  • IT security fundamentals
  • Linux
  • Windows
  • TCP/IP networking
  • Syslog
  • Foundational skills for the IBM QRadar Security Intelligence Platform (at least the skills that are taught in the IBM QRadar SIEM Foundations – BQ104 course)



Unit 1: Custom log sources

Unit 2: Reference data collections and custom rules

Unit 3: IBM X-Force Threat Intelligence in QRadar

Unit 4: User Behavior Analytics and Advisor with Watson

Unit 5: Tuning

Unit 6: Custom action sCR – Classroom Trainingipts

Unit 7: IBM SOAR integration


  • Learn how to CR – Classroom Trainingeate custom log sources
  • Discover how to work with reference data collections and custom rules
  • Use X-Force data and Threat Intelligence app
  • Use the Use Case Manager app
  • Learn how to use UBA and QRadar Advisor
  • Discover Tuning
  • Explore Custom action sCR – Classroom Trainingipts
  • Discuss Integration with IBM SOAR


Prior to enrolling, IBM Employees must follow their Division/Department processes to obtain approval to attend this public training class. Failure to follow Division/Department approval processes may result in the IBM Employee being personally responsible for the class charges.


GBS practitioners that use the EViTA system for requesting external training should use that same process for this course. Go to the EViTA site to start this process:



Once you enroll in a GTP class, you will receive a confirmation letter that should show:



  • The current GTP list price
  • _x000D_

  • The 20% discounted price available to IBMers. This is the price you will be invoiced for the class.
  • _x000D_



Product Name:

IBM Security QRadar SIEM

Badge and Certification Info:




Threat Management

Follow on Courses:



Replaced By:

This is an advanced course for the QRadar Analyst and Administrator. It replaces BQ203G and is a follow-on to BQ104G.

BQ204;DSM;log;reference data;custom;rules;actions;tuning;BQ203;X-Force;threat;QRadar Advisor;SOAR;UBA;7.4;SIEM;advanced

Vmware-Based (XXL)

Lab Access Duration:


CRS is the top Global Training Provider for some of the world’s biggest brands.

Call Now +27 12 023 1959