Experience: 2-3 years
Understand the data logs available in an organization.
Help in developing security data models and metrics.
Work on enabling effective use of the data to generate meaningful rules and reports.
Understanding of Log sources such as Operating System, Database, Web servers, Security and Network Technologies
Responsible for normalization of logs, either by reviewing the log baseline of log sources or by recommending changes on log sources to reduce noise.
Creation of UDSM (Universal Device Support Module) or custom parsers for log sources that are not supported in QRadar.
Analyze logs for unknown and stored events and resolve them accordingly to ensure that no security incidents are missed.
Monitoring of EPS and FPM dashboards for violations.
In-depth understanding of security events/logs that can arise from various protection devices (IPS/WAF/DDoS/APT etc.) and ability to derive a strategy for building use cases as a SIEM content developer.
Understand QRadar product architecture: logs, log formats, identifying the appropriate information for log parsing and SIEM rule creation, and log source review.
Suggest logging levels and baseline log sources.
Evaluate and suggest new use cases.
Consume inputs from the Monitoring and IR teams for new rule development.
Responsible for fine-tuning of use cases in SIEM-implemented security technologies for security effectiveness and reduction of false positives.
Collate inputs from the Monitoring and Incident Response teams for new use case development.