Cloud Pak for Security


IBM Cloud Pak for Security is a cloud-based platform that can easily connect to multiple data sources, process the data, and use it to solve different cybersecurity problems such as federated search across various security tools. IBM Cloud Pak for Security boosts your invitations, helps you to process your investigations and workflows faster, and closes the gap with new apps when there is a shortage of cybersecurity resources.

Cloud Pak for Security Courses:

Configuring IBM QRadar datasource for IBM Cloud Pak for Security

IBM Cloud Pak for Security platform helps to integrate tools and connect workflows across hybrid, multi-cloud environments. It uses connectors to your existing data sources to generate deeper insights and securely access IBM and third-party tools to search for threats across any cloud or on-premises location. This video demonstrates how to connect IBM QRadar Management Console to the IBM Cloud Pak for Security.

IBM Cloud Pak for Security overview

IBM Cloud Pak for Security is a platform to more quickly integrate your existing security tools to generate deeper insights into threats, orchestrate actions and automate responses—all while leaving your data where it is.

This video provides an overview of the IBM Cloud Pak for Security platform.


Investigate cybersecurity threats using IBM Cloud Pak for Security

This course demonstrates a typical cybersecurity investigation based on the field report from X-Force Exchange and the third-party vendor FireEye.
The investigation uses IBM Cloud Pak for Security, which can easily connect to multiple data sources and perform a federated search by using the Data Explorer app that runs in IBM Cloud Pak for Security.
You also learn how to use the Cases app, which helps to collect investigation artifacts and collaborate with the broader team that is involved in conducting the investigation.

Secure Your Hybrid, Multicloud Environment with Cloud Pak for Security

Businesses today are moving their operations to the cloud piece by piece, with applications and data spread across multiple clouds and on-premise resources. Securing this fragmented IT environment requires security teams to undertake costly migration projects and complex integrations, and continuously switch between different screens and products. This course shows you how IBM Cloud Pak for Security solves this problem!
 

IBM Cloud Pak for Security provides a platform to help more quickly integrate your existing security tools to generate deeper insights into threats across hybrid, multicloud environments, using an infrastructure-independent common operating environment that runs anywhere. You can quickly search for threats, orchestrate actions and automate responses—all while leaving your data where it is.

This course provides a deep dive on Cloud Pak for Security and how it can help solve your challenges. It also covers the Cloud Pak for Security features and capabilities available to use, and gives an architectural overview. A demo of Cloud Pak for Security is included in this video to show how everything comes together.

Duration: 59 minutes

How do I install the SOAR license in Cloud Pak for Security 1.3

To access the complete capabilities provided by IBM® Orchestration & Automation, you must install your IBM Orchestration & Automation license.
This "How do I" video demonstrates the steps to install the SOAR license key using the Red Hat OpenShift Container Platform interface.
Note: to accomplish this task, you must log on to the Red Hat OpenShift Container Platform as an OpenShift Administrator.

IBM Cloud Pak for Security - Connect QRadar on Cloud data source demo

The video provides a demonstration on how to connect the QRadar on Cloud (QROC) data source in Cloud Pak for Security.

IBM Cloud Pak for Security: Threat Intelligence Insights demo

IBM Security Threat Intelligence Insights is an app on Cloud Pak for Security that delivers unique and relevant threat intelligence prioritized for your organization. It seamlessly integrates with other apps on Cloud Pak for Security to further continue the investigation and remediation processes.

This video provides a demonstration of the Threat Intelligence Insights app on Cloud Pak for Security.

Duration: 22 minutes

IBM Cloud Pak for Security - How to connect a data source

This IBM Cloud Pak for Security video explains how to connect a data source, including what a data source is, which data sources are available for Cloud Pak for Security, and what prerequisites are required before connecting a data source.

You are also introduced to an IBM tool called STIX-shifter that you can use with Cloud Pak for Security to create custom connectors. STIX is an open standard and stands for Structured Threat Information eXpression (STIX™).

Duration: 3 minutes


Cloud Pak for Security - Cases app overview

Cloud Pak for Security comes with a Case Management application that integrates with other Cloud Pak for Security applications and provides basic case management capabilities. The main goal of this application is to help with security investigations and incident response.

In Cloud Pak for Security 1.3, this basic Case Management application is expanded with automation and orchestration capabilities. However, those capabilities are licensed separately.

The video walks you through the main features and terminology related to the Case Management app and the Orchestration and Automation part. You learn about the concepts of cases, tasks and phases, artifacts, incident classifications, user roles, and simulation of dynamic playbooks. The main concepts for orchestration and automation are reviewed, such as scripts, rules, workflows, functions and message destinations.

Cloud Pak for Security - Architecture and installation overview

IBM Cloud Pak for Security is a platform that integrates security tools to gain insights into threats across hybrid, multicloud environments.

As more businesses move to the cloud, security data is frequently spread across different tools, clouds, and IT environments. This requires teams to spend more time integrating tools and information and maintaining those integrations, and less time securing their organizations. IBM Cloud Pak for Security helps teams address these issues with an open, secure platform. It is a platform that can deliver on connecting data, connecting workflows and connecting openly by helping you more quickly integrate your existing security tools to generate deeper insights into threats, orchestrate actions, and automate responses, all while you leave your data where it is.

This course describes critical components of the Cloud Pak for Security platform, such as multicloud adoption, private cloud requirements for storage and node specifications, Red Hat OpenShift 4.3, IBM Cloud Pak common services, Cloud Pak for Security core services, and apps.
This version of the Cloud Pak comes with three apps:
  • Data Explorer
  • Threat Intelligence Insights
  • Cases with Resilient
The course also provides a high-level installation process.

Objectives

  • Describe Cloud Pak for Security components stack
  • Explain dependencies on OpenShift and IBM Cloud Pak common services
  • Describe IBM Cloud Pak for Security core services and the apps
  • Explain high-level installation steps

Cloud Pak for Security - Users and general settings

Overview

This video provides an overview of users, roles, and general settings for the IBM Cloud Pak for Security platform. The video discusses how a user from LDAP is imported into IBM Cloud Private and then into Cloud Pak for Security. Users can have one of two main roles in Cloud Pak for Security: Admin and regular User. Depending on the role, the user can have different permissions for Data sources, Organization settings, and the User management tool.

Duration: 20 minutes

Cloud Pak for Security 1.3 Threat Investigation Demonstration

The video demonstrates how a security analyst who uses Cloud Pak for Security 1.3 performs an investigation by seamlessly switching between three apps:

  • Threat Intelligence Insights (focused on incident detection)
  • Data Explorer (focused on incident investigation)
  • Cases (focused on incident response) with the SOAR license, which provides automation and orchestration of the cases.