Course Search Results

Found 42 courses tagged with "Think 2018".

This course demonstrates how IBM i2 Enterprise Insight Analysis (EIA) and IBM i2 Analyst's Notebook can enrich the analysis of an IBM QRadar offense by curating and importing data from several disparate sources into the EIA Information Store. In this use case, data from multiple sources is imported into i2 Analyst's Notebook where you use link analysis to uncover connections and networks among different entities as well as behavior patterns.

Among the topics that you will cover in this course are:

  • Using the Offense Investigator app to bring a QRadar offense into i2 Analyst's Notebook (ANB) and expanding on an offense
  • Connecting to EIA from i2 Analyst's Notebook to find data using the Search and Visual Search tools from the Home toolbar
  • Using Expand and Expand with Conditions to bring linked items from the EIA Information Store into an ANB chart to visualize connections
  • Using i2 Analyst's Notebook analysis tools and Analyze toolbar features such as Search, List Items, Bar Charts and Histograms, and Find Connecting Network
  • Bringing data from multiple sources into one analytical investigation to shut down security breaches and to find out who is behind them and why

In this two-part lab, you learn how to configure MaaS360 Cloud Extender’s Certificate Integration module to integrate with a Microsoft CA to provision identity certificates for mobile devices. After you set up the Certificate Integration module, you configure the Enterprise Gateway module to use identity certificates for authentication.

In these exercises, you configure Transport Layer Security (TLS) (also known as SSL) communication between IBM Directory Server and IBM Directory Integrator.

IBM Access Manager provides an OAuth 2.0 token introspection endpoint to support the functions specified in RFC 7662. OAuth clients can use this endpoint to query the OAuth authorization server and request details about the access tokens issued by the server, for example, to determine whether a token is still active or to access additional information about the token.
This lab demonstrates how to configure and use the OAuth 2.0 token introspection endpoint.

In this lab, you configure HTTP transformation rules to modify HTTP requests and responses passing through the reverse proxy junctions.

In this lab, you configure Access Manager V9.0.3 to facilitate authentication to the WebSphere Liberty application using JSON Web Tokens (JWT).

This lab provides a sample configuration that enables a Liberty application to authenticate and authorize against the Access Manager LDAP user registry using an LTPA cookie.

In this lab, you set up an Active Directory as a Federated directory. Then, you configure the Active Directory users as Basic users in Access Manager.


Visit the following course for the updated version: Configuring client certificate and step-up authentication

This lab covers how to use user certificates issued by a trusted authority for client certificate authentication. It also demonstrates step-up authentication using a client certificate as a second level of authentication.

IBM Access Manager supports device fingerprinting to allow tracking of a user across multiple devices and browsers.
This lab provides steps to configure Advanced Access Control policies to register a client device or browser using a one-time password (OTP) sent to a user's email address.
The user is allowed access once OTP verification is complete.
The lab demonstrates silent and consent-based device registrations. It also covers how administrators and end users can manage device fingerprints.

Version 1.0

Duration: 1 hour 30 minutes

IRLP code: SEC9753

In this lab, you learn how to implement context-based access (CBA) using FORM (POST) parameters. You configure an access policy that detects high-value transactions based on a certain POST parameter in a web form and prompts for step-up authentication. The step-up authentication requires the users to provide a counter-based HMAC one-time password (HOTP).

You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

In this lab, you learn how to implement context-based access for a mobile application using REST (JSON) parameters. You configure an access policy that detects high-value transactions using a certain attribute in the JSON payload and prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP).
You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

Guardium gathers a large amount of data about your database environment. You use reports and queries to learn the details of your data security environment. In this virtual lab, you create a dashboard, simple query, and report that is used to examine user data you generate.

The lab environment reflects Guardium 10.5.

Franklin Almonte

In this lab, you create a replication topology. You do this by creating and configuring the directory server instance idspeer2, which serves as a second master in the peer-to-peer replication. (The first master is idspeer1.) You also create and configure a standalone instance idsalone that will be a forwarder from idsrepl1 and a partial replica of the o=sample subtree.

Guardium data security policies help flag suspicious database activity and events. In this virtual lab, you create a policy that will detect and alert on database login failures that occur multiple times over a short time period.

Franklin Almonte


For each incoming event and flow, QRadar SIEM evaluates rules to test for indicators that suggest an attack or policy violation. In this lab, you learn how to create custom rules, building blocks, custom event properties, and a reference set to detect an example suspicious activity.


  • Create and use custom event properties
  • Create and use a reference set
  • Add tests to new custom rules and building blocks
  • Leverage function tests
  • Configure rule actions and responses


1 hour

Course Version



The information in this Open Mic will help keep you out of trouble and possibly rescue you in the case of full appliance issues.


  • Introduction
  • Detection
  • First Response
  • Getting to Root Cause
  • Questions & Answers

In the follow-up to the Open Mic, John spends time answering audience questions on that and other topics.

  • Reboot the appliance
  • Issues with fixes
  • Vulnerabilities
  • The Discovery engine
  • High CPU

The IBM Security App Exchange is a collaborative platform that can help integrate and utilize the collective knowledge of security professionals through code sharing. The App Exchange offers enhancements and integration between IBM Security products, and can include other security vendors, such as Trend Micro, Cisco, Qualys, and so on.
The majority of the security integration offerings today are available for the IBM® QRadar® product line. The IBM Security App Exchange provides an expanded hub of QRadar content. IBM QRadar provides a RESTful API that allows access to the QRadar resources and data.

This lab guide demonstrates the tools that can help you to develop new apps for QRadar. You can use two types of tools for your app development:

  • QRadar App Editor
  • QRadar SDK

The labs use IBM QRadar Community Edition (IBM QRadar CE).

This course teaches you how to take advantage of the information posted in the IBM X-Force Exchange (XFE) platform by using the API, the curl tool, and the Python language.

The course also demonstrates integration between XFE and QRadar SIEM using XFE SDK and direct integration or Threat Intelligence Application and TAXII endpoints.


  • Learn how to leverage the X-Force Exchange API, curl tool, and Python scripts to pull threat data from the X-Force Exchange platform
  • Install the Threat Intelligence app in QRadar SIEM
  • Test the API using online documentation
  • Use curl commands and the X-Force Exchange API documentation to simulate browser requests
  • Write a Python script that uses X-Force Exchange API code
  • Use TAXII feeds, collections, and the QRadar Threat Intelligence app to integrate the X-Force Exchange API and QRadar SIEM
  • Configure threat data feeds to monitor and detect ransomware outbreaks


Visit the updated version of the course here.

This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®. QRadar SIEM collects the logs from various devices in enterprise networks. The logs are received through connectors called Device Support Modules (DSMs). QRadar has a DSM for Guardium. That DSM enables QRadar to receive and process logs from Guardium.

Alternatively, Guardium has an API that lets QRadar react to certain events that QRadar detects by sending Guardium commands to adjust the database policy accordingly. For example, if QRadar detects that the source IP from an internal network is communicating with an IP address classified as the Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address. The call from QRadar to Guardium can be done using the Custom Actions feature of QRadar or using IBM Security Directory Integrator® (IDI), which acts as the proxy, transforming various events from QRadar into Guardium API calls.

This IDI solution uses custom developed code that IBM provides as-is without any support and maintenance commitments. You can download the code from the Security Learning Academy in the Additional Resources section of this course.

This Open Mic session was broadcast live from Think on 19-Mar-2018

Chris Weber from the IBM Support team delivered the "IBM Security Identity Governance and Administration Data Integrator (ISIGADI) Tips and Troubleshooting" Open Mic LIVE at the 2018 Think conference.


  • Logs and logging settings
  • Creating new IGI admin ID
  • Verify assembly line
  • ISIGtoISIM assembly line
  • Delta assembly line
  • Validate assembly line
  • ISIM person attribute mapping

In this course, you will learn about ingesting data into the i2 Analyze Information Store. This covers how to populate staging tables, how to create a mapping file, and how to run the data ingestion command.

Data that is stored within IBM i2 Analyze is secured on a need-to-know basis. The security model allows you to determine the type of access that groups of users get.

An IBM i2 Enterprise Insight Analysis (EIA) system comprises a number of components that you must configure before data can be ingested. Staging tables have to be created and mapping files need to be defined in order to ingest data into the Information Store. EIA comes with example files and data to assist with these tasks, as well as ingestion commands to get data into the Information Store.

This is a standalone lab that walks you through the exercises needed to manually import data into iBase and search for that data via the Base Connector.

i2 Enterprise Insight Analysis (EIA) is an enterprise intelligence analysis solution that facilitates information sharing and intelligence production. This course will cover the deployment of an EIA product, specifically the process of updating and deploying a custom schema.

You will also learn how to edit or update an existing schema using the Schema Designer. This course will also walk you through the process of ingesting data in the EIA Information Store from an external data source.

In this course, you will deploy IBM i2 Analyze, which is part of the Enterprise Insight Analysis (EIA) solution. i2 Analyze provides the collaboration and search services in EIA.  You will create an example Opal deployment that includes the Information Store that is connected to use the i2 Analyze Opal services. After you deploy the Information Store, you can access the data that it contains by using Analyst's Notebook Premium (ANBP).  You will also learn to configure Quick Search and Visual Query.

i2 Enterprise Insight Analysis (EIA) is an enterprise intelligence analysis solution that facilitates information sharing and intelligence production. This course walks students through an example implementation of how data from an external source, in this case QRadar, can be extracted, transformed, and loaded into i2 Enterprise Insight Analysis (EIA).

This course is intended for users who want to programmatically extract data on demand from the QRadar Ariel database and add it to the i2 EIA Information Store.

As part of an IBM i2 Analyze deployment, an iBase connector provides a mechanism for providing users with access to an IBM i2 iBase database. The database becomes available in the Intelligence Portal as a data source that users can select and interact with.

There are two reasons for integrating iBase with a deployment of i2 Analyze. One reason is that you already have an iBase deployment, and you want to retain your data and your data model as you upgrade or migrate to i2 Analyze. The other reason is that you already have a deployment of i2 Analyze 4.1, and you want to use iBase as a way to ingest data from other data sources.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab. The elab will be available for 4 hours of runtime, so be sure to set aside enough time to complete the lab in one sitting. You will only have access to the lab for a 5-day period from when you start the lab.


In this session presented live at Think 2018, we review the framework built to leverage IBM Security Access Manager (ISAM) REST APIs using Python/Ansible to fully automate all changes to ISAM. This provides an overview for new customers and assists those who are already leveraging this approach.

This Open Mic was presented LIVE at Think 2018 and covered use of the REST APIs with IBM Security Identity Manager.

IBM Security Identity Manager (ISIM) product experts answered client questions about identity and governance during this Security Learning Academy Live session at Think 2018, 19 March 2018.

In this lab, you will learn how to deploy a test environment that integrates IBM MaaS360 and IBM Cloud Identity Essentials with a third-party SaaS (cloud) application.

This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structured data. The solution provides a custom developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.

The integration goal is to use IBM Guardium to identify GDPR-sensitive data in a provided sample database. Guardium then exports a report that contains users who have access to tables with GDPR-relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.

The course provides a lab environment where the integration can be tested and demonstrated.

Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab.

The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.

This lab covers the following three main OAuth 2.0 workflows supported by IBM Access Manager: Authorization code, Implicit grant, and Resource owner password credentials (ROPC).

In this lab, you use ACLs, POPs, and authorization rules to control access to the web content.



Visit the following course for the updated version: Securing web resources using ACL, POP and Authorization rule policies


This lab demonstrates how to set up management authentication and authorization for IBM Access Manager. You learn how to configure external authentication and authorization using LDAP. You also verify that the different user groups can authenticate with Access Manager and then test the user’s authorizations.

Version: 1.1

IRLP Code: SEC9742

This Open Mic Live session was originally broadcast from Think 2018 19-March-2018.

Nick Lloyd and Steven Hughes from Access Manager Technical Support deliver this Open Mic LIVE at the 2018 Think conference. 

This session covers IBM Security Access Manager appliance networking.

This Open Mic Live session was originally broadcast from Think 2018 19-March-2018.

Nick Lloyd and Thomas Ermis from Access Manager Technical Support deliver this Open Mic LIVE at the 2018 Think conference.

This session covers an overview of Docker and IBM Security Access Manager for Docker.

In this lab, you configure IBM Access Manager to generate and use JSON Web Tokens (JWTs) as OAuth Access Tokens rather than the standard opaque random string tokens that the OAuth server uses by default. JWTs are self-contained strings signed with a secret key. They contain a set of claims that assert an identity and a scope of access, reducing the need to go back and forth to the OAuth server to retrieve this information.

In this exercise, you learn how to use Switch/Case components in an IBM Directory Integrator AssemblyLine.

In this course you learn to plan and construct complex, distributed IBM Directory Server (IDS) environments using several methods.
This course is designed for personnel who are responsible for the deployment, troubleshooting, and ongoing performance maintenance of IBM Directory Server distributed environments.
Intermediate to advanced knowledge of IBM Directory Server is required.

Distributed directories are essential to the successful deployment of IBM Directory Server (IDS). IDS provides a robust set of replication options you can use. In this course, you learn how to create two server instances and configure and test a simple replication.

The lab includes the following exercises:


  • Intermediate / Advanced working knowledge of Directory Server
  • Experience using Linux

Duration: 1hr 30m

Course version: 1.0