Course Search Results

Found 153 courses tagged with "language_de".

Overview
IBM Security Identity Governance and Intelligence, or simply IGI, is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers Line of Business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

This lab provides a real business user experience. You imitate a day in the life of a Line of Business manager, who uses IGI to manage accesses for his team members.

Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional Identity Governance environment, with many sample user records, roles, and risk definitions.

The Identity Governance and Intelligence user interface is divided into two areas. The Administration Console is reserved for administrators, while the Service Center is where the applications for business users are contained. In this lab we use the Service Center only.

Objectives

  • Overview of the Service Center
  • Working on pending requests
    • Submitting a request
    • Evaluating, approving or rejecting requests as a user manager
    • Verifying the new role
  • Requesting roles for team members
    • Requesting a role for a team member
    • Evaluating and approving requests
    • Verifying the new role
  • Certification campaigns
    • Evaluating running certification campaigns
    • Redirecting evaluation to another reviewer
    • Tracking progress
    • Generating certification campaign reports

Overview

The Resilient Incident Response Platform makes incident response efficient and compliant utilizing a knowledge base of incident response best practices, industry standard frameworks, and regulatory requirements.


Duration: 2 minutes

Closed captions: English, French, German, Spanish and Japanese


In this demonstration, you learn how to set up Android Enterprise device owner mode in MaaS360. Device owner mode applies to the entire device, whereas profile owner mode has separate work and personal profiles on one device.

In this video, you learn how to integrate and approve apps from Google Play for Work in the MaaS360 App Catalog and distribute them to Android Enterprise devices.

This video is a technical demonstration in which IBM Resilient and Carbon Black Response detect, respond, and remediate a live security incident. This integration is part of the long standing strategic partnership between Carbon Black and IBM.

Duration: 13 minutes
Closed captions: English, French, German, Spanish and Japanese

Overview

This course covers 4 common scenarios that demonstrate how the Resilient Incident Response Platform can be used to:

  • Automate the escalation and collection of data
  • Manage a ransomware attack
  • Deal with a data breach involving an inside actor
  • Accelerate your response to phishing attacks
Closed captions: English, French, German, Spanish and Japanese

Overview

You can configure the Resilient platform to send audit log messages to the Resilient client.log file and to Syslog, if you have set up and configured Syslog. This video will show you how easy it is to set up.

Closed captions: English, French, German, Spanish and Japanese

Overview:

This course demonstrates how to configure SMTP notifications for IBM Resilient. Resilient sends email notifications to users for various purposes and Resilient must use an SMTP server to send these messages.


Closed captions: English, French, German, Spanish and Japanese

Overview

This video demonstrates how to configure syslog to run on an IBM Resilient server.


Closed captions: English, French, German, Spanish and Japanese

Overview

Certification campaigns are a formal process that automates the periodic review of a relationship, and enables critical access decisions by nontechnical line-of-business managers.

Identity Governance and Intelligence (IGI) supports five different certification campaign types.
  • User assignment - review individual user entitlements
  • Organization unit assignment - assess where entitlements are visible
  • Risk violation mitigation - review unmitigated risk violations
  • Entitlement - examine the contents of each entitlement
  • Account - review account access for target applications under management

Objectives
  • Creating and running a user assignment certification campaign
    • Configuring a certification dataset
    • Creating the certification campaign
    • Starting a certification campaign
    • Running the certification campaign as a reviewer
    • Supervising a certification campaign
    • Handling exceptions in a certification campaign
  • Reviewing unmitigated risks with a certification campaign
    • Creating the certification campaign
    • Running the certification campaign
    • Understanding the effects of the unmitigated risks review

Overview

This video shows examples of creating graphs of incidents over time on the Resilient Analytics dashboard, including

  • Graph incidents by severity
  • Graph time to close by severity
  • Average time to close by severity over time
  • Average time to close by type

The video closes by demonstrating some other examples of graphs:

  • The number of incidents created per month for each user
  • The number of incidents created per month per city
  • Top trend incident category in last 90 days
  • Open incident by severity in last 30 days
  • Top incident category in last 30 days
  • Incident by type in last 90 days
Closed captions: English, French, German, Spanish and Japanese

WinCollect is a syslog event forwarder that collects Windows-based events from local and remote Windows-based systems and sends them to QRadar for processing and storage. In this video you learn about the two different WinCollect deployment models and how to manage them.

Using the table of contents menu in the video you can navigate to each one of these topics individually, or you can explore the content altogether:

  • WinCollect overview
  • WinCollect deployment models
  • Installing and configuring a managed deployment
  • Generating an authentication token
  • WinCollect agent GUI installation
  • WinCollect agent command line installation
  • Upgrading all WinCollect agents to V7.2.8
  • Troubleshooting a faulty WinCollect installation


With indicators of compromise or concern, you specify which activities you consider suspicious. Derive indicators from threat modeling while considering which kind of data QRadar SIEM can use to test for indicators. This course addresses the following topics:

  • Getting started with threat modeling
  • Using observables for indicators
  • Using context for indicators
  • Using external data for indicators 


In this video you learn how to integrate MaaS360 with Apple's Device Enrollment Program (DEP) to streamline the enrollment of institutionally owned devices. This course contains English, French, German, and Spanish language closed captions.

 In this demonstration, you access the Services page and examine the services in your MaaS360 portal.

The videos in this course serve as a quick start for getting ISAM running inside of a Docker environment.

The following topics are covered:

  • Docker Overview
  • Installing Docker
  • Obtaining ISAM Docker Images
  • Running ISAM Docker Containers

Overview

Resilient Incident Response Platform is a central hub for incident responses that helps make incident response efficient and compliant. The platform is based on a knowledge base of incident response best practices, industry standard frameworks, and regulatory requirements.

The Resilient platform implements incident responses through the use of dynamic playbooks. A dynamic playbook is the set of rules, conditions, business logic, workflows and tasks used to respond to an incident. The Resilient platform updates the response automatically as the incident progresses and is modified.
In this course, you learn the basic Resilient concepts and platform architecture, and review a demonstration of the installation process.

Objectives

  • Learn the value of IBM Resilient
  • Review the introduction video to the IBM Resilient platform
  • Learn the IBM Resilient Platform architecture
  • Learn about necessary prerequisites
  • Review the installation process
  • Describe the value of dynamic playbooks
Closed captions: English, French, German, Spanish and Japanese

Listen to one of MaaS360's subject matter experts quickly walk you through how to configure MaaS360 for unified endpoint management (UEM). You will learn the key components to get you started managing all of your devices.

In this video, you learn how coalescing works in IBM QRadar. 

In this video, you learn how to configure, use, and monitor shared privileged accounts using PIM V2.1. You first set up shared credentials, credential pools, shared access policies and approval workflow. Then, you use the shared credentials and the privileged session recorder playback console.

Use the QRadar Experience Center App to learn about the QRadar capabilities, simulate common threats, work with log samples in real time, and learn how to analyze your logs. The QRadar Experience Center App is designed for educational purposes, and its menu includes useful videos, links, an FAQ section, and more. 

In this video, you learn how to navigate the Experience Center App.

The server discovery function uses the Asset Profile database to discover different server types that are based on port definitions. Then, you can select the servers to add to a server-type building block for rules. 

The server discovery function is based on server-type building blocks. Ports are used to define the server type. Thus, the server-type building block works as a port-based filter when you search the Asset Profile database.

Using properly defined servers and host definition building blocks improves QRadar tuning and helps avoid false positives.

In this video, you learn how to perform server discovery and manage host definition building blocks.


This video discusses the HTTP transformation rules with IBM Access Manager. Topics covered include what transformation rules are, how they are configured, and how to troubleshoot them. In addition, information on how to download example rules is included.

This video describes the whys and wherefores of Identity Governance, starting with the "pain chain" of the gaps between auditors, business managers and IT when it comes to answering the question, "does an employee have the proper access privileges to perform duties per our company's policy?" The video explains key capabilities such as access certification, role mining and modeling, separation of duties and access risk analytics. These capabilities are provided by IBM Identity Governance. The video concludes with a role play of a company that's failed an audit and must address that failure within a 6 month window.

IGI leverages the Enterprise Connectors application to align its data with the peripheral target systems.

This course demonstrates how to achieve data alignment between the centralized database of IBM Security Identity Governance, and peripheral target systems. The first part of the video focuses on configuring a connection with a peripheral target system, while the second part demonstrates account creation and removal on a remote Active Directory domain.

In this training module, you learn how to integrate MaaS360 with resources that are located behind the firewall. To do this, you use the Cloud Extender Enterprise Gateway module.

In this demonstration you will learn how to configure privacy settings, create locations, and create expense plans. Privacy settings, locations, and expense plans are set up by administrators when configuring a portal account, usually before you begin to enroll devices across your organization. They can be adjusted or added to, as your enterprise mobility requirements evolve.

This course provides an overview of IBM QRadar DNS Analyzer, which provides insights into your local DNS traffic by identifying malicious activity, and allowing your security team to detect Domain Generated Algorithm (DGA), tunneling, or squatting domains that are accessed from within your network. The DNS Analyzer also provides options to filter any domains using blacklists and whitelists.

The video defines prerequisites, and provides an architecture overview explaining how the application is integrated with IBM QRadar SIEM and IBM X-Force Exchange.

Utilizing QNI flows, or logs with domain information from other devices, such as DNS servers, proxies, Apache web servers, or other BIND compatible devices, you can detect and monitor outbound network traffic to potentially malicious sites. With the DNS Analyzer dashboard and drill down capabilities, your team can identify DNS trends and investigate activity such as squatting attempts.

The application is also integrated with the IBM QRadar Pulse and IBM QRadar User Behavior Analytics app.



Overview

This course demonstrates how to use IBM Identity Governance and Intelligence to manage users, and user accounts, on the CyberArk Privileged Account Security server.

The first part of the course focuses on installing the adapter and configuring a connection with a CyberArk server, while the second part demonstrates some relevant adapter features, like user and account creation, entitlement management, account suspension, password change, and finally, user deletion.

Overview: The Identity Governance and Intelligence, or IGI, Rules Development Toolkit is a project for the Eclipse Java IDE, designed to assist the IGI administrator in developing and troubleshooting Java rules for IGI.

This video demonstrates how to download, install, execute and use the IGI Rules Development Toolkit.

Overview
The Access Risk Controls module of IBM Identity Governance and Intelligence (IGI) enforces Segregation of Duties (also known as Separation of Duties, or SoD) checks, based on relationships established between the Business Activities layer (BA) and the Role-Based Access Controls model (RBAC).

Risk is often defined in terms of the likelihood of an event, and the cost, or impact, of the consequences if the event occurs. Segregation of Duties is the principle of organizing complex structures by dividing tasks and responsibilities between the members of an organization, to prevent any member from having complete control of any transaction from initialization to completion.

IGI defines a Segregation of Duties risk as a combination of conflicting Business Activities.

Objectives

  • Getting familiar with business activities and risks
    • Business activities, permissions, and risk relationships
    • Add new business activities
    • Map business activities to permissions
    • Map permissions to business activities
  • Define Segregation of Duties (SoD) risk and assign mitigation controls
    • Define a new Segregation of Duties risk
    • Assign a mitigation to a Segregation of Duty risk
  • Check for Segregation of Duty risk violations
    • User risk violation analysis
    • Assign a mitigation to a risk violation

Overview

IBM Security Identity Governance and Intelligence (IGI), is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business (LOB) managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

Objectives
This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface.

  • Tour of the Administration Console
  • Tour of the Service Center
  • Access Governance Core
  • Managing the exchange of data
    • Loading data by using the Bulk Data Load tools
    • Loading data by using the Enterprise Connectors
  • Role lifecycle management
    • Exploring roles
    • Exploring role mining
  • Access risk control modeling
  • Certification campaigns
  • Reporting
  • Automating tasks
  • Tour of the Virtual Appliance console

In this session presented live at Think 2018, we review the framework built to leverage IBM Security Access Manager (ISAM) REST APIs using Python/Ansible to fully automate all changes to ISAM. This provides an overview for new customers and assists those who are already leveraging this approach.

Identity Governance & Intelligence Free 45-Day Trial

This roadmap is designed to guide an IGI trial user through key administration and business user tasks such as role lifecycle management, managing SoD and other risks, running access certification campaigns and managing reports.

 

Make sure to register for the free 45-day trial of Identity Governance & Intelligence on the product marketplace page.


Overview

This course shows you how to import the Resilient license, a necessary step before the Resilient platform can be used. There are two ways to accomplish this task, both of which are shown in the video.

Agenda:

    • Transferring the Resilient license file
    • Importing the Resilient license file
    • Verifying the license import was successful
    • A second method of importing the license
    • Verifying the status of the Resilient license

    This course has been bookmarked to aid navigation and contains English language closed captions.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course contains 6 videos that cover various topics important to understand when installing and configuring the IBM Resilient Appliance.



    Agenda
    • Configuring SSL/TLS certificates
    • Importing the Resilient License Key
    • Updating the Resilient Appliance Software
    • Installing optional packages
    • Setting the time zone
    • SMTP Email configuration
    Closed captions: English, French, German, Spanish and Japanese

    In this video, you will learn how to enable Android Enterprise using a free single-user Gmail account. This requires domain verification.
    Android Enterprise is a service that must be enabled in the MaaS360 portal. If you use an Android device platform, Google and IBM MaaS360 recommend that you use Android Enterprise for your deployment, as opposed to traditional Device Administrator-based deployments.

    You can integrate QRadar and threat intelligence from IBM X-Force Exchange to protect your organization against ransomware attacks. This video walks you through configuring threat data feeds from X-Force Exchange to monitor and detect ransomware outbreaks such as Petya or WannaCry.

    This video provides a brief demonstration of IBM Security Identity Manager (ISIM) v7.0.0.2 administration. It has three parts. The first part includes administrative tasks such as managing organizational structure, roles, users, services, policies, and approvals. The second part teaches you how to use ISIM as an end user to request an access and approve the request as a manager. The third part demonstrates Active Directory integration exercises.

    In this video, you will learn how you can set up federated directories to connect to your Active Directory, then enable native Kerberos Single Sign-On to allow IBM Access Manager to single sign on to Microsoft® systems.


    Stateful tests in rules, which are configured as local, are evaluated by the CRE instance that receives the events and flows. Stateful tests in rules, which are configured as global, are evaluated by the CRE instance on the Console. In this course you learn about both of these options, which allows you to make an informed decision on whether to configure a rule as local or global. This course addresses the following topics:

    • Configuring rules as local or global
    • Examining the effects on rules with only stateful tests
    • Examining the effects on rules with only stateless tests
    • Examining the effects on rules with both stateful and stateless tests
    • Examining the effects on rule responses
    • Considering pros and cons

    Overview

    The Resilient platform logs various client and server activity in log files, located in the following directory: /usr/share/co3/logs/. This video will show you how to configure logging on the Resilient platform.


    Duration: 4 minutes

    Closed captions: English, French, German, Spanish and Japanese


    In this video, you review how to use the DSM Editor to select a log source type, configure property parsing, and create new event categories and mapping. You also examine the new features of the QRadar DSM Editor, which are contained in the Configuration section. 

    This video focuses on the new features: log source autodetection and properties. These features are available with QRadar SIEM 7.3.2.




    In this module, you get to know the "Cloud Extender Certificate Integration" module, with which you can integrate cloud and on-premises certificate authorities into IBM MaaS360 and thereby benefit from advanced authentication schemes. You learn how to use this integration module, and learn more about its requirements and implementation details.

    In this training module, you learn how to integrate Active Directory and LDAP-based enterprise directory services into MaaS360 to use your existing authentication infrastructure.

    This video contains German subtitles.

    This video provides a broad overview of how you can use the MaaS360 Content Library to host and distribute documents to your end users. You learn how to add documents and folders to the MaaS360 Content Library.

    In this training module, you learn how to integrate MaaS360 with Active Directory and LDAP-based directory services in your enterprise so that you can use existing users and groups.

    In the first part of this MaaS360 Unified Endpoint Management course series, you learn about enrolling iOS and Android devices, device policies, and distributing apps and documents to mobile devices.

    In the second part of this MaaS360 Unified Endpoint Management (UEM) course series, you learn about configuring container, or workplace persona policies, bulk enrollment workflows, and how you can integrate Active Directory with Cloud Extender.

    In the third part of this MaaS360 Unified Endpoint Management course series, you are introduced to Artificial Intelligence (AI) insights in My Advisor with Watson and contextual analytics. Identity and access management, or Cloud Identity Connect (CIC), is explained, as well as in-depth details on the Cloud Extender Configuration Tool.

    In this Open Mic session, Matthew Shaver shares MaaS360 enrollment tips, tricks, and best practices. You learn about the various enrollment types such as unique one-time passcodes, local user credentials, corporate Active Directory integration, and two-factor authentication. Enrolling devices using the web URL and Enroll On Behalf Of methods are also discussed. Use the table of contents to access the following topics in the presentation.

    In this demonstration, as a MaaS360 administrator, you learn how to add Android devices from the Quick Start, enroll them using a one-time passcode, and review them in Device Inventory. 

    This video shows how to add content and content sources to the MaaS360 Content Library that can be distributed by administrators and accessed by device users. This course contains German and French language closed captions.

    In this demonstration, as a MaaS360 administrator, you learn how to add iOS devices from the user directory, enroll them using a one-time passcode, and review them in Device Inventory.

    In this demonstration, you learn how to navigate the MaaS360 collaborative apps for mail, calendar, and contacts on an Android device.

    The previous version of this course contains French and German language closed captions.

    In this demonstration, you learn how to set up the MaaS360 app catalog with Android for Work apps, and distribute them to devices.

    This course contains German and French language closed captions.

    In this video you learn how to wrap an iOS and Android enterprise app with MaaS360 WorkPlace Persona policies. You test the DLP policies on the device.

    In this video you learn how to build an enterprise App catalog that can be distributed to devices.

    This course contains German and French language closed captions.

    In this video, you learn how to collect logs to send to IBM support for troubleshooting. You also learn how to enable and disable verbose logging.

    In this video, you learn how to collect logs from an iOS device to send to IBM Support for troubleshooting. You also learn how to enable and disable verbose logging.

    In this demonstration, you learn how to enable and configure User Visibility and User Authentication using the Cloud Extender Configuration Tool and the MaaS360 portal.  The advanced LDAP configuration for Active Directory is used to import users and groups, and to enable authentication using corporate credentials.

    This course contains German and French language closed captions.

    In this video, you learn how to configure the basic deployment settings in the MaaS360 portal that are required to manage and enroll devices.

    In this demonstration, you learn how to configure Gateway and Secure Browser settings in the WorkPlace Persona policy, configure Content Sources, and access Gateway integrated resources from a device. On the device, MaaS360 Docs and the Secure Browser are used to access resources.

    This course contains German and French language closed captions.

    In this demonstration, you learn how to set up the Apple Push Notification service (APNS) certificate that is required for MDM providers to manage Apple devices.

    In this video you learn how to clean up old device records from MaaS360 and mail servers.

    This course demonstrates the various ways you can distribute apps to end-users. Apps can be distributed as they are added to the app catalog or afterwards to a specific device, group of devices or all devices.

    This course contains German and French language closed captions.

    In this demonstration, you learn how to configure the Mobile Enterprise Gateway in relay mode on a standalone server for demonstration and evaluation purposes. Gateway clusters and direct mode settings are also reviewed to prepare you for a production implementation.

    This course contains German and French language closed captions.

    In this demonstration, you learn how to enroll an iOS device. This scenario demonstrates the iOS enrollment where an administrator generates a unique enrollment request with a one time passcode for a local user.

    In this video you learn how to integrate with G Suite for enterprise mail integration.

    In this video, you learn about the different information sources available to you to help you plan for, implement, and support your MaaS360 solution. It covers IBM developerWorks, IBM Product pages, MaaS360 Vimeo Channel, and IBM Knowledge Center.

    In this demonstration, you walk through the installation of the Cloud Extender core and launch the Cloud Extender Configuration Utility. The demonstration assumes you already downloaded the Cloud Extender package and requested a license key. Review the how to video MaaS360: Enabling and downloading the Cloud Extender first. 

    This course contains German and French language closed captions.

    In this video, you learn to use the Device Inventory view, actions, and summary information in the MaaS360 portal to manage devices.

    In this demonstration, you learn how to create local users and local groups and associate existing users with the new group. The alternative to adding local users and groups in the portal is to integrate MaaS360 with your corporate directory service using the Cloud Extender, and automatically import users and groups. The previous version of this course contains German, French and Spanish language closed captions.

    In this video, you learn how portal administrators can reset the device passcodes for iOS and Android devices. You also learn how users reset the MaaS360 container/app passcode.

    In this demonstration, you learn how to set up a 30 day MaaS360 trial account using an IBM ID. If you do not have an IBM ID, you create one as part of the process. Use the trial account to evaluate MaaS360, and when you are ready, it can be set as your production account without any rework.  

    This course contains German and French language closed captions.

    In this video, you learn how to create an Android MDM policy and configure general settings to secure mobile devices.

    This course contains German and French language closed captions.

    In this video, you learn how enabling different services affects what persona policy options are available for configuration. You learn the different persona policy settings and how they are used to secure corporate content on mobile devices.

    This course contains German and French language closed captions.

    In this video you learn how policies are assigned: default, manual, groups, dynamic, precedence. You also learn how to identify policies that are assigned to devices.

    In this video, you learn how to use the "Manage As" feature to support multiple customer accounts from one partner hierarchy account. If you provide help desk support for multiple customers under one IBM Business Partner account, the Manage As feature lets you easily switch between accounts from one partner portal.

    This video contains German subtitles.

    In this video you learn how to enable the TeamViewer service in the portal, initiate a session between the administrator and user's device, and use TeamViewer to view the user's device for troubleshooting purposes.

    In this demonstration, you learn how to navigate the MaaS360  collaborative apps for mail, calendar, and contacts on an iOS device.

    Overview

    The Resilient Incident Response Platform has been updated to incorporate the new data breach notification requirements of the EU General Data Protection Regulation (GDPR). This video demonstrates these enhancements by walking through how notifications would be handled during a ransomware attack at a hospital where personal data was exposed.

    Closed captions: English, French, German, Spanish and Japanese

    In this course, you learn how to integrate IBM MaaS360 and Microsoft Office 365 for unified endpoint management of devices that are accessing corporate email. 



    Overview

    This course demonstrates how to manage logs in the IBM Resilient appliance. This includes how to configure logging, audit logging and syslog.




    Agenda

    1. Log configuration
    2. Configuring audit logs
    3. Configuring syslog

    Duration: 8 minutes

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course covers aspects of managing users and groups in IBM Resilient such as creating users using the Resilient user-interface or by using terminal commands and how to reassign incidents and tasks to a different user.



    Agenda

    1. Creating a user using the UI
    2. Creating a user using terminal commands
    3. Reassigning incidents and tasks
    4. Enabling LDAP authentication
    5. Enabling LDAP users in groups and deleting LDAP users
    Closed captions: English, French, German, Spanish and Japanese

    The MaaS360 portal provides one uniform view for managing all of your devices, content, and apps. In this video, you learn to navigate the IBM MaaS360 portal home page. 

    In this video, you learn how to create building blocks and how they differ from QRadar custom rules. You will be able to leverage building blocks for their typical purposes of reducing complexity and resource consumption, facilitating reuse of functionality and information, as well as reflecting your organization's IT environment.

    Understanding the architecture of the IBM QRadar ecosystem is vital for everyone in IT Security who is concerned with solutions within the security immune system. By learning how the central Security Intelligence components are designed to take in and process log events and flow data, you will be better equipped to holistically work as a Security Analyst with IBM QRadar. This course includes three videos:

    1. QRadar functional architecture and deployment models
    2. QRadar SIEM component architecture
    3. Dissecting the flow of a captured event

    QRadar collects network activity information, or what is referred to as "flow records".  Flows represent network activity by normalizing IP addresses, ports, byte and packet counts, as well as other details, into "flows", which effectively represent a session between two hosts. QRadar can collect different types of flows, which differ greatly in the collected details. In this video series, we explain and demonstrate the differences between the following network flow capture mechanisms:

    • Cisco Netflow
    • QRadar QFlow
    • QRadar Network Insights (QNI)

    The capacity of a deployment is measured by the number of events per second (EPS) and flows per minute (FPM) that IBM QRadar can collect, normalize, and correlate in real time. The event and flow capacity is set by the licenses that are uploaded to the system. In this video, you learn about the features of managing the license event and flow capacity.

    • Define functions of event and flow processing capacity, such as shared license pool, capacity sizing, and internal events
    • Define burst handling

    This IBM Security Support Open Mic video explains how QRadar uses log source protocols to collect event data, capturing configuration properties, error messages, and other use cases for data collection.

    Objectives:

    • Events FAQ and terminology
    • Listening protocols (Syslog)
    • Polling protocols (JDBC / Log File)
    • Tips and performance Suggestions
    • Specialty protocols (APIs)
    • Questions and discussion

    You can enhance the Windows log collection capability by using a publicly available tool called System Monitor (Sysmon). In combination with QRadar SIEM you can now process much more detailed events to protect your deployment from malicious attacks.

    This course contains the following video lessons:

    • Sysmon Introduction 
    • Use Case 1 - Malicious File Injection and Execution 
    • Use Case 2 - In memory attack 
    • Use Case 3 - Base64 encoded data obfuscation 
    • Use Case 4 - Hiding behind a common Windows service process 
    • Use Case 5 - Malicious file injection using encrypted HTTPS 
    • Use Case 6 - Detecting Other Libraries
    • Use Case 7 - Privilege Escalation Detection
    • Use Case 8 - More Privilege Escalation Detection
    • Use Case 9 - Even More Privilege Escalation Detection
    • Use Case 10 - Creating an Admin Account
    • Use Case 11 - Detecting Named Pipe Impersonation
    • Use Case 12 - Detecting Mimikatz
    • Use Case 13 - Sysmon Lateral Movement Detection, Example One
    • Use Case 14 - Sysmon Lateral Movement Detection, Example Two
    • Use Case 15 - Sysmon Lateral Movement Detection, Example Three
    • Use Case 16 - Sysmon Detecting BadRabbit
    • Use Case 17 - Sysmon and Watson chasing BadRabbit

    Every QRadar SIEM Analyst has to master basic investigation skills. In this video series you learn about the following topics:

    • Using flexible Searches to narrow down your investigations 
    • Finding Anomalies
    • Monitoring internal Log Sources

    This IBM Support Open Mic video covers topics around QRadar software updates and a best practice admin checklist.

    • Before you begin 
    • Patch and upgrade checklist 
    • Firmware 
    • Troubleshooting
    • Reference

    IBM QRadar needs to provide precise information about captured log events and network flows that have been collected within your network. It can only do that sufficiently after you have provided enough contextual information about your network hierarchy and assets.

    This video series describes how to properly tune the following networking aspects:

    • Introduction to QRadar and Tuning
    • Domain Management
    • Network Hierarchy Basics
    • Structuring your Network Hierarchy
    • Keeping the Network Hierarchy Updated

    IBM QRadar needs to provide precise information about captured log events and network flows that have been collected within your network. It can only do that sufficiently after you have provided enough contextual information about your assets, rules, and how to handle false positives.

    This video series describes how to properly tune the following aspects:

    • Server Discovery and Host Definition
    • The Basics of Rules and Building Blocks
    • Content Packs and the QRadar Assistant App
    • SIEM Tuning Report
    • False Positive Tuning

    This video provides an overview of the QRadar UBA application architecture. You learn about UBA concepts, such as the senseValue variable, risk scores, and the IBM Sense DSM. The video also shows how QRadar rules are connected to UBA, and how to access the UBA docker container and application logs.



    In this QRadar WinCollect Troubleshooting Open Mic video, you will learn about the following topics:

    • About WinCollect
    • Managed vs standalone deployment
    • Troubleshooting tuning issues 
    • Error messages 
    • General WinCollect troubleshooting 
    • Troubleshooting with IBM Support 
    • Q&A
    This Open Mic session was recorded on 21 September 2018.

    In this QRadar Open Mic you learn about domains and tenants, and how these concepts are implemented and used. You also hear about tips and other helpful information for QRadar administrators.

    To properly understand and use the capabilities of QRadar SIEM beyond the basic concepts, it is important to learn about assets. In this course, you learn how assets can be discovered and then dynamically updated by QRadar, including network information, running applications and services, active users, and vulnerabilities.

    With IBM QRadar SIEM, you can monitor and display network events in real time or perform advanced searches.

    The Log Activity tab displays event information as records from a log source, such as a firewall or router device. Use the Log Activity tab to do the following tasks:

    • Investigate events that are sent to QRadar SIEM in real time
    • Search events
    • Monitor log activity by using configurable time-series charts
    • Identify false positives to tune QRadar SIEM

    In IBM QRadar SIEM, you can investigate the communication sessions between two hosts.

    If the content capture option is enabled, the Network Activity tab displays information about how network traffic is communicated and what was communicated. Using the Network Activity tab, you can do the following tasks:

    • Investigate the flows that are sent to QRadar SIEM in real time
    • Search network flows
    • Monitor network activity by using configurable time-series charts

    IBM QRadar uses the network hierarchy objects and groups to organize network activity and monitor groups or services in your network.

    When you develop your network hierarchy, consider the most effective method for viewing network activity. The network hierarchy does not need to resemble the physical deployment of your network. QRadar supports any network hierarchy that can be defined by a range of IP addresses. You can base your network on many different variables, including geographical or business units.

    In this course, you learn about the following Network Hierarchy fundamentals:

    • Part 1 - Network Hierarchy Basics 
    • Part 2 - Structuring your Network Hierarchy
    • Part 3 - Keeping the Network Hierarchy Updated

    In this video, you learn about how QRadar rules perform tests on events, flows, or offenses. If all the conditions of a test are met, the rule generates a response.

    QRadar SIEM includes rules that detect a wide range of activities, including excessive firewall denies, multiple failed login attempts, and potential botnet activity. 

    The following list describes the two rule categories:

    • Custom rules perform tests on events, flows, and offenses to detect unusual activity in your network
    • Anomaly detection rules perform tests on the results of saved flow or event searches to detect when unusual traffic patterns occur in your network

    The Fictional Insurance Company is planning to deploy a centralized Security Intelligence solution that can tie in with many of their IT infrastructure components.

    Here, they are investigating the topic of vulnerability management and learn about IBM QRadar Vulnerability Manager (QVM).

    James, an IBM Security Intelligence Architect, meets with Kate, the CISO of The Insurance Company, to explain to her the fundamentals behind an enterprise vulnerability management program.

    James explains that vulnerability management is part of a continuous enterprise IT security risk process. He focuses on vulnerabilities in an IT context and takes a close look at the security intelligence timeline. In the context of an overall IT Risk Management program he illustrates environmental influence factors. Finally, he demonstrates how vulnerabilities are ranked and filtered using IBM QRadar Vulnerability Manager.

    Overview

    This course covers backing up and restoring the Resilient application for on-premise customers running Resilient version 27.2 or higher. These procedures will back up and restore all user data in the appliance including the Resilient database, file attachments and the keyvault file.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    The keyvault stores all passwords used within IBM Resilient. If the keyvault were lost, it would result in a considerable loss of data. For that reason, the Resilient platform runs a backup of keyvault files to the system database anytime passwords are added or removed and after each system upgrade. This course shows how to use the resutil keyvaultrestore command to restore keyvault files from the system database.

    Duration: 4 minutes

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    Configuring Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Certificates in the IBM Resilient Appliance is not difficult. The Resilient Appliance ships with a self-signed certificate but, for optimal security, it is recommended you obtain a certificate from a trusted authority. This course details the steps necessary to obtain and install an SSL or TLS certificate.

    Duration: 4 minutes

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to create a new workspace in IBM Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course shows you how to create global or workspace roles in IBM Resilient.

    Global roles define a set of permissions that apply across the organization.
    Workspace roles define a set of permissions for specific workspaces only.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to create new users using resutil terminal commands.


    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course covers the creation of new users using the Resilient user interface as well as the assignment of roles and groups.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to "defang" your URLs in IBM Resilient to help ensure users do not inadvertently click on malicious links.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to delete an existing workspace in IBM Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to delete a role from within IBM Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to delete or deactivate a user from Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to set up LDAP authentication for IBM Resilient including a discussion of prerequisite work that must be completed first.


    Closed captions: English, French, German, Spanish and Japanese

    Overview

    When creating a Resilient group, you can link the group to any LDAP group. The result is that members of that LDAP group who are also members in the authorized group are added to the Resilient group. Any membership changes in the LDAP group are reflected automatically in the Resilient group. This feature allows you the flexibility to create numerous groups for specific tasks or duties.

    Duration: 9 minutes

    Closed captions: English, French, German, Spanish and Japanese


    Overview

    This course describes how to encrypt a keyvault password in IBM Resilient. The keyvault password is stored as an unencrypted file by default but can be encrypted using gpg to protect it and decrypted whenever needed.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course describes the external network access needed by Resilient to function properly.

    Duration: 2 minutes

    Closed captions: English, French, German, Spanish and Japanese


    Overview

    This short course describes the difference between Global and Workspace roles.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    Users with the required permission can create and edit wiki pages from within the application. This enables organizations to add important information, guidelines, and reference material for the Incident Response team, and wikis can be used as part of the incident response process. The wiki feature is useful as a central repository for storing content, references, and guidelines to support users working on incidents and tasks. Users can link to existing wiki pages from incident and task notes and other wiki pages.

    Closed captions: English, French, German, Spanish and Japanese


    Overview

    This course demonstrates how to install the Resilient appliance using an OVA file.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course discusses keyvaults, keystores and secrets within IBM Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course covers LDAP Authentication and the use of LDAP Trees within IBM Resilient.


    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to migrate organizational settings by importing and exporting them from one organization to another.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    Use the notifications feature to alert users when a specific condition occurs for an object. A condition can be anything you choose, such as object creation or deletion, or a change in value to a field. An object can be an incident, note, milestone, task, attachment, or artifact.

    Through substitution you can insert into the body of the notification, information about the object and its parent to provide additional information. The available objects are incident, note, milestone, task, attachment, and artifact. You can reference the parent (incident or task) of the object, and any custom fields of that parent object.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course describes how to view and request changes to your organization details within Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course reviews the organizational settings that can be made on your Resilient instance, such as:

    • Session Timeout
    • Attachments
    • Default Tasks
    • Incident Deletion
    • LDAP Authentication
    • Two-Factor Authentication
    Closed captions: English, French, German, Spanish and Japanese

    Overview

    A role is a specific set of permissions, which you can assign to users and groups. The Roles tab allows you to define and manage roles. You can assign multiple roles to a user, which gives the user a super-set of all the permissions in the roles.

    This course reviews the predefined roles on the IBM Resilient appliance and provides caution regarding changing critical administrative roles.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to reassign incidents and tasks to new owners in Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course provides an overview of available permissions categories when specifying roles for your IBM Resilient users.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This course demonstrates how to set the time zone on the IBM Resilient Appliance.

    Duration: 3 minutes

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    When artifacts are added to incidents, the Resilient platform can optionally search for those artifacts in several cyber threat sources that have been integrated into the product. This course demonstrates how to enable and disable threat sources in Resilient.

    Closed captions: English, French, German, Spanish and Japanese


    Overview

    This course covers Two-Factor Authentication with IBM Resilient.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This video demonstrates how to upgrade the Resilient Appliance. The Appliance can only be upgraded one major version at a time. This course shows how to install upgrades after they have been downloaded from the IBM Resilient Customer Success Portal.

    Closed captions: English, French, German, Spanish and Japanese


    Overview

    This course reviews the key concepts of Resilient workspaces. A workspace is present on the system at all times. Users with the global permission for workspaces can create and manage workspaces. New incidents can be assigned to any of the existing workspaces.

    Closed captions: English, French, German, Spanish and Japanese

    Overview

    This short video discusses the prerequisites necessary to successfully install the Resilient appliance on a host. The Resilient appliance is a self-contained server that runs the Resilient platform.

    Closed captions: English, French, German, Spanish and Japanese


    Overview

    This course reviews key issues in managing security in IBM Resilient. Topics cover a broad range of issues such as how to defang a URL, change ciphers and protocols, how to work with keyvaults, keystores and secrets as well as how to encrypt and back up the keyvault password.

    Agenda

      1. Defanging URLs
        • This video demonstrates how to "defang" your URLs in IBM Resilient to help ensure users do not inadvertently click on malicious links.
      2. Changing Ciphers and Protocols in IBM Resilient
        • This video demonstrates how to change the ciphers and protocol in IBM Resilient. There is a review of which ciphers and protocols are used by default using the nmap application, followed by a demonstration of which files need to be edited in order to adjust the ciphers and protocols being used.
      3. Keyvaults, Keystores and Secrets
        • This video discusses keyvaults, keystores and secrets within IBM Resilient.
      4. Encrypting the keyvault password
        • This video describes how to encrypt a keyvault password in IBM Resilient. The keyvault password is stored as an unencrypted file by default but can be encrypted using gpg to protect it and decrypted whenever needed.
      5. Backing up the keyvault
        • The keyvault stores all passwords used within IBM Resilient. If the keyvault were lost, it would result in a considerable loss of data. For that reason, the Resilient platform runs a backup of keyvault files to the system database anytime passwords are added or removed and after each system upgrade. This video shows how to use the resutil keyvaultrestore command to restore keyvault files from the system database.


      Duration: 19 minutes

      Closed captions: English, French, German, Spanish and Japanese


      Overview

      This video shows how to use the Resilient Disaster Recovery system.

      • Enabling the Resilient DR system
      • Verify the DR is enabled correctly using the health monitoring
      • Enabling the receiver as the active Resilient appliance
      • Run a controlled swap of the master and receiver
      • Running a playbook to disable DR
      Closed captions: English, French, German, Spanish and Japanese


      In IBM Security Access Manager v9.0.4, a new OpenID Connect (OIDC) implementation is available where OIDC is built on top of OAuth 2.0.  In previous versions, OIDC and OAuth were implemented separately, and OIDC support was limited to simple Single Sign-on use cases.  In this course, you will learn about the benefits of this new implementation.

      Overview

      This video demonstrates how to install and set up the Resilient Disaster Recovery system. The disaster recovery (DR) system involves installing and setting up DR on two appliance systems.

      Setup overview
      - Verify the prerequisites
      - Install and set up DR and optional packages on both appliances
      - Install the SSL certificates
      - Create Ansible vault files for each appliance
      - Create Ansible inventory files for each appliance


      Closed captions: English, French, German, Spanish and Japanese


      Overview

      This course demonstrates how to set up SAML Authentication in IBM Resilient. Use of SAML allows customers to use their own corporate login credentials to authenticate to Resilient.

      Duration: 8 minutes
      Closed captions: English, French, German, Spanish and Japanese

      Overview

      This course covers several alternative mechanisms for authenticating users in the IBM Resilient product, including LDAP, SAML and two-factor authentication.




      Agenda

      1. LDAP authentication
      2. SAML authentication configuration
      3. Two-factor authentication

      Duration: 22 minutes

      Closed captions: English, French, German, Spanish and Japanese

      This Open Mic Live session was originally broadcast from Think 2018 on 19-March-2018.

      Nick Lloyd and Steven Hughes from Access Manager Technical Support deliver this Open Mic LIVE at the 2018 Think conference. 

      This session covers IBM Security Access Manager appliance networking.


      License keys entitle you to specific IBM QRadar products, and control the event and flow capacity for your QRadar deployment. You can add licenses to your deployment to activate other QRadar products, such as QRadar Vulnerability and Risk Manager. After you apply the license keys to QRadar, redistribute the EPS and FPM rates to ensure that each of the managed hosts is allocated enough capacity to handle the average volume of network traffic.

      In this video, you learn about the features of managing licenses in QRadar SIEM.

      Overview

      This video shows how to use the Resilient Disaster Recovery Health Monitoring. DR Health Monitoring involves setting and fine-tuning values in the group_vars/all file.

      Agenda

      • Introduction
      • Syslog configuration
      • Health monitoring settings
      Closed captions: English, French, German, Spanish and Japanese

      Each event and flow is a record of an activity in your IT environment. For some events, and all flows, this activity includes a network connection. Many rules need to test whether this network connection is approved in your organization. The rules do this by testing whether the event or flow has been tagged by building blocks with names beginning with BB:HostDefinition and BB:HostReference. Their purpose is to signal to QRadar SIEM which network connections are approved in your organization. In this course, you learn how to approve network connections using these building blocks.



      Every organization must see and control the mobile devices entering their enterprise, whether they are provided by the company or part of a Bring Your Own Device (BYOD) program. IBM MaaS360 with Watson provides one uniform platform you use to manage your devices, content, and apps. This course introduces administrators to some of the first tasks that are needed to implement MaaS360 such as integrate with Apple programs, manage Android devices, build an enterprise app catalog, and assign corporate policies and compliance rules to devices and users.

      APNS, Apple, DEP, VPP, Android kiosk, KME, Knox Mobile Enrollment, app catalog

      IBM Identity Governance and Intelligence version 5.2.4 introduces some enhancements, and a new look and feel, to the user interface.

      This video demonstrates the new functionalities on the Service Center, available to a Business User.

      Agenda:

      • Updates in the Service Center User Interface
      • Customization of the login and logout pages
      • Column customization in Access Certification
      • Signoff updates in Access Certification
      • Password synchronization
      • Feedback survey

      In this set of videos, we introduce the powerful capabilities of IBM QRadar SIEM.

      • The first video depicts how data is ingested into the QRadar environment by collecting log information, network flow data, and vulnerability information. You learn about the asset model, and how the QRadar rules are used to create actionable offenses. In addition, the video explains the integration with IBM BigFix, as well as QRadar Risk and Vulnerability Manager.
      • The second video starts off by explaining the concepts of QRadar Reference Sets and how to use them. It then takes a look at the forensic capabilities, and briefly introduces the deployment architecture.
      • The third video focuses on integration capabilities between QRadar and IBM BigFix, IBM Guardium, network intrusion prevention systems, IBM Trusteer, IBM Identity Manager, and IBM mainframe SMF records.
      • After a brief recap of the QRadar fundamentals, the fourth video explains many of the new capabilities that have been recently added to QRadar. These include the new appliances QRadar Network Insights, the Data Node, and the App Node. It then provides an overview of the QRadar API and the App Exchange, and takes a closer look at some of the available app extensions, including the BigFix App, User Behavior Analytics, Sysmon integration, and the QRadar Advisor with Watson. Finally, it introduces the new DSM Editor.
      • Collecting and investigating network flows is one of the outstanding QRadar capabilities. The final video explains how QRadar approaches network flows, and how the security analysts benefit from this in their daily investigations.

      Overview

      This course will show you how to understand roles in the IBM Resilient product. A role is a specific set of permissions, which you can assign to users and groups. The Roles tab allows you to define and manage roles. You can assign multiple roles to a user, which gives the user a superset of all the permissions in the roles. The course demonstrates how to create and delete roles, describes the difference between global and workspace roles and which roles are predefined, and explains how Resilient uses role categories.

      Overview

      This course teaches how the IBM Resilient product uses workspaces. The course covers key workspace concepts, how to create them and how to delete them.



      Agenda
      1. Workspace key concepts
      2. Create workspace
      3. Delete workspace

      Duration: 7 minutes
      Closed captions: English, French, German, Spanish and Japanese