Cloud Pak for Security
Cloud Pak for Security Courses:
IBM Cloud Pak for Security is a platform to more quickly integrate your existing security tools to generate deeper insights into threats, orchestrate actions and automate responses—all while leaving your data where it is.
This video provides an overview of the IBM Cloud Pak for Security platform.
This course demonstrates a typical cybersecurity investigation based on
the field report from X-Force Exchange and the third-party vendor
The investigation uses IBM Cloud Pak for Security, which can easily connect to multiple data sources and perform a federated search by using the Data Explorer app that runs in IBM Cloud Pak for Security.
You also learn how to use the Cases app, which helps to collect investigation artifacts and collaborate with the broader team that is involved in conducting the investigation.
Businesses today are moving their operations to the cloud piece by
piece, with applications and data spread across multiple clouds and
on-premise resources. Securing this fragmented IT environment requires
security teams to undertake costly migration projects and complex
integrations, and continuously switch between different screens and
products. This course shows you how IBM Cloud Pak for Security solves this problem!
To access the complete capabilities provided by IBM® Orchestration &
Automation, you must install your IBM Orchestration & Automation
This "How do I" video demonstrates the steps to install the SOAR license key using the Red Hat OpenShift Container Platform interface.
Note: to accomplish this task, you must log on to the Red Hat OpenShift Container Platform as an OpenShift Administrator.
IBM Security Threat Intelligence Insights is an app on Cloud Pak for Security that delivers unique and relevant threat intelligence prioritized for your organization. It seamlessly integrates with other apps on Cloud Pak for Security to further continue the investigation and remediation processes.
This video provides a demonstration of the Threat Intelligence Insights app on Cloud Pak for Security.
Duration: 22 minutes
This IBM Cloud Pak for Security video explains how to connect a data source, including what a data source is, which data sources are available for Cloud Pak for Security, and what prerequisites are required before connecting a data source.
You are introduced to an IBM tool called STIX-shifter that you can use
with Cloud Pak for Security to create custom connectors. STIX is an open
standard and stands for Structured Threat Information
Duration: 3 minutes
Cloud Pak for Security comes with a Case
Management application that integrates with other Cloud Pak for Security
applications and provides basic case management capabilities. The main
goal of this application is to help security investigations and response
In Cloud Pak for Security 1.3, this basic Case Management application is expanded with automation and orchestration capabilities. However, those capabilities are licensed separately.
The video walks you through the main features and terminology related to the Case Management app and its Orchestration and Automation part. You learn about the concepts of cases, tasks and phases, artifacts, incident classifications, user roles, and simulation of dynamic playbooks. The main concepts for orchestration and automation are reviewed, such as scripts, rules, workflows, functions and message destinations.
This version of the Cloud Pak comes with three apps:
- Data Explorer
- Threat Intelligence Insights
- Cases with Resilient
- Describe Cloud Pak for Security components stack
- Review prerequisites such as number of nodes, persistent storage, VPN connectivity
- Explain dependencies on OpenShift and IBM Cloud Pak common services
- Describe IBM Cloud Pak for Security core services and the apps
- Explain high-level installation steps
The video demonstrates how a security analyst who uses Cloud Pak for
Security 1.3 performs an investigation by seamlessly switching between
- Threat Intelligence Insights (focused on incident detection)
- Data Explorer (focused on incident investigation)
- Cases (focused on incident response) with a SOAR license that provides automation and orchestration of the cases.