Materials

In this page, you will find useful links, materials and other things about QRadar SIEM. This page will be updated with new material or deprecated others when necessary. Feel free to share yours in the comments section, I will be glad to add them.

---

General presentations:

• Section 1: Qradar Foundations
• Section 2: Qradar Data Sources

---

Social medias and blogs:

• Blog of Robert Rojek: https://www.robertrojek.pl/category/qradarsiem/
• Cyb3rSn0rlax's useful AQL Queries: https://github.com/Cyb3rSn0rlax/QRadar-AQLQueries/tree/master
• Jose Bravo QRadar SIEM materials (as Jose retired and he is not part of IBM, I suggest you to download the entire pack to prevent deletion) https://ibm.ent.box.com/s/ich0yyiw54y0ek6s9a66xvtjku8e42rc
• Jose Bravo Youtube channel: https://www.youtube.com/@jbravovideos/playlists

---

Technical documentations:

• Exporting custom content items of different types: https://www.ibm.com/docs/en/qsip/7.5.0?topic=content-exporting-custom-items-different-types
• Cross-origin resource sharing: https://ibmsecuritydocs.github.io/qradar_api_overview/c_rest_api_cors.html
• QRadar app framework v2: https://ibmsecuritydocs.github.io/qradar_appfw_v2/
• Viewing event details: https://www.ibm.com/docs/vi/qradar-on-cloud?topic=monitoring-viewing-event-details
• High Availability Guide : https://www.ibm.com/docs/en/SS42VS_7.4/pdf/b_qradar_ha_guide.pdf
• Troubleshooting and System
  Notifications Guide: https://www.ibm.com/docs/en/SS42VS_7.4/pdf/b_qradar_system_notifications.pdf

---

QRadar related projects:

• Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition: https://github.com/josh-morin/qradar/tree/master
• IBM-QRadar-Universal-Cloud-REST-API: https://github.com/IBM/IBM-QRadar-Universal-Cloud-REST-API/tree/master