QRadar101 Lab Challenge
Hands-on Analysis & Investigation Guide
Objectives of the QRadar101 Lab Challenge
- Get familiar with IBM QRadar as a SIEM tool.
- Practice filtering and analyzing logs to track attacker activity.
- Investigate a real attack scenario using QRadar's event logs and offenses.
- Improve skills in log correlation, event investigation, and IOC identification.
- Learn how to extract useful insights and link logs to specific hosts, users, and malicious actions.
- Build a clear timeline of the attack using available artifacts (e.g., process creation logs, Suricata alerts, HTTP payloads).
Based on CyberDefenders Blue Team CTF https://cyberdefenders.org/blueteam-ctf-challenges/qradar101/