This project involved completing the IBM QRadar SIEM Lab (Course LSL0232X), designed to simulate real-world SOC analyst workflows. The lab provided hands-on experience with log management, network flow analysis, and incident response using QRadar 7.4. Key tasks included:
System Familiarization: Logging into the SIEM console, navigating dashboards, customizing views, and working with Pulse widgets for real-time threat visualization.
Incident Investigation: Detecting and analyzing a simulated Remote Desktop Protocol (RDP) attack, reviewing offense details, and exploring contributing rules.
Threat Hunting: Creating searches for suspicious RDP connections (traffic to destination port 3389 from sources outside the defined local networks), correlating the log events with the matching network flows, and applying filters to narrow the results for deeper analysis.
Reporting & Automation: Building custom report templates for monitoring remote access attempts, scheduling automated reporting, and visualizing results.
Network Management: Configuring the network hierarchy so that internal address ranges are classified as local rather than remote. QRadar treats any IP address not defined in the hierarchy as remote, so an undefined internal range makes ordinary internal RDP sessions look like remote access; defining it reduces those false positives and keeps offense generation accurate.
Incident Closure: Validating legitimate traffic, documenting investigation steps, and closing offenses with analyst notes.
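The following is an added example, not part of the lab or of QRadar itself, that shows in plain Python the logic the Threat Hunting and Network Management tasks above combine: classify each source IP against a network hierarchy (anything unmatched is remote, as in QRadar), then raise an offense only for a remote source with a burst of failed RDP logons, escalating if a successful logon follows. The hierarchy, thresholds and event records are constructed for the example; the lab's real hierarchy and rule settings are not on the page. Running it with the jump-host range removed from the hierarchy reproduces the false positive the hierarchy configuration is meant to prevent.

```python
"""RDP brute-force triage with network-hierarchy classification (added example)."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389

# Constructed network hierarchy (assumption: the lab's hierarchy is not shown on the page).
NETWORK_HIERARCHY = {
    "Corp.Workstations": ["10.10.0.0/16"],
    "Corp.Servers": ["10.20.0.0/16"],
    "Corp.JumpHosts": ["172.16.5.0/24"],
}

# Roughly the search this mirrors in QRadar's AQL (illustrative, not from the lab):
#   SELECT sourceip, destinationip, COUNT(*) AS attempts FROM events
#   WHERE destinationport = 3389 AND NOT INCIDR('10.0.0.0/8', sourceip)
#   GROUP BY sourceip, destinationip LAST 24 HOURS


def classify(ip, hierarchy):
    """Return the hierarchy object an IP belongs to; unmatched IPs are 'Remote', as in QRadar."""
    addr = ipaddress.ip_address(ip)
    for name, cidrs in hierarchy.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return name
    return "Remote"


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def hunt_rdp(events, hierarchy, threshold=5, window=timedelta(minutes=10)):
    """Raise an offense for each remote source with >= threshold failed RDP logons
    to one host inside `window`; severity is 'high' if a success follows the failures."""
    by_pair = defaultdict(list)
    for e in events:
        if e["destinationport"] == RDP_PORT:
            by_pair[(e["sourceip"], e["destinationip"])].append(e)

    offenses = []
    for (src, dst), evs in by_pair.items():
        src_zone = classify(src, hierarchy)
        if src_zone != "Remote":
            continue  # local source per the hierarchy: not remote access, no offense
        evs.sort(key=lambda e: _parse(e["time"]))
        fails = [_parse(e["time"]) for e in evs if e["outcome"] == "failure"]
        # Largest number of failures that fit inside one sliding time window.
        burst = 0
        for i, start in enumerate(fails):
            j = i
            while j < len(fails) and fails[j] - start <= window:
                j += 1
            burst = max(burst, j - i)
        if burst < threshold:
            continue
        success_after = any(e["outcome"] == "success" and _parse(e["time"]) > fails[0] for e in evs)
        offenses.append({
            "sourceip": src, "source_zone": src_zone,
            "destinationip": dst, "destination_zone": classify(dst, hierarchy),
            "failures": burst, "severity": "high" if success_after else "medium",
            "description": "Remote RDP brute force" + (" followed by successful logon" if success_after else ""),
        })
    return offenses


def _ev(time, src, dst, outcome):
    """Constructed record with the few normalized fields the hunt needs."""
    return {"time": time, "sourceip": src, "destinationip": dst,
            "destinationport": RDP_PORT, "outcome": outcome}


# Constructed sample events: an external brute force that succeeds, an admin on a
# jump host fat-fingering a password, a normal workstation session, and a remote
# source with only two failures.
SAMPLE_EVENTS = (
    [_ev(f"2024-03-01 09:00:{s:02d}", "203.0.113.45", "10.20.1.15", "failure") for s in (5, 12, 20, 31, 44, 58)]
    + [_ev("2024-03-01 09:01:10", "203.0.113.45", "10.20.1.15", "success")]
    + [_ev(f"2024-03-01 09:0{m}:00", "172.16.5.10", "10.20.1.15", "failure") for m in range(1, 7)]
    + [_ev("2024-03-01 09:08:00", "10.10.3.7", "10.20.1.15", "success")]
    + [_ev("2024-03-01 09:09:00", "198.51.100.8", "10.20.1.15", "failure"),
       _ev("2024-03-01 09:09:30", "198.51.100.8", "10.20.1.15", "failure")]
)


if __name__ == "__main__":
    print("With the full hierarchy:")
    for o in hunt_rdp(SAMPLE_EVENTS, NETWORK_HIERARCHY):
        print(" ", o)
    incomplete = {k: v for k, v in NETWORK_HIERARCHY.items() if k != "Corp.JumpHosts"}
    print("With the jump-host range missing from the hierarchy (false positive appears):")
    for o in hunt_rdp(SAMPLE_EVENTS, incomplete):
        print(" ", o)
```

With the full hierarchy only the external source 203.0.113.45 produces an offense, rated high because a successful logon follows the failures. Drop the jump-host range from the hierarchy and the admin's six typos from 172.16.5.10 become a second, medium offense: exactly the noise that defining internal ranges in the network hierarchy removes.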
Through this lab, I gained practical SOC skills in offense triage, threat detection, and SIEM administration. It demonstrates the ability to apply QRadar to detect malicious activity, investigate offenses, and automate reporting for proactive security monitoring.