Cloud Pak for Security Platform

Cloud Pak for Security Platform Courses:

Installing and Configuring Cloud Pak for Security 1.4

In this course, Forrest Longanecker demonstrates 2 different ways to install and configure Cloud Pak for Security 1.4.

  1. Installing Cloud Pak for Security using the Command Line Interpreter (CLI)
  2. Installing Cloud Pak for Security using the IBM Cloud Catalog

IBM Cloud Pak for Security V1.5 Demonstration

IBM Cloud Pak for Security 1.5 is a unified platform designed to help you detect and respond to security threats with a simple unified experience without replacing your existing tools. This demonstration will show you how IBM Cloud Pak for Security puts the information you need at your fingertips to help mitigate a realistic real-world threat.

Cloud Pak for Security - Case Management app overview

Cloud Pak for Security comes with a Case Management application that integrates with other Cloud Pak for Security applications and provides basic case management capabilities. The main goal of this application is to support security investigations and incident response.

In Cloud Pak for Security 1.3, this basic Case Management application is expanded with automation and orchestration capabilities. However, those capabilities are licensed separately.

The video walks you through the main features and terminology related to the Case Management app and its Orchestration and Automation part. You learn about the concepts of cases, tasks and phases, artifacts, incident classifications, user roles, and simulation of dynamic playbooks. The main concepts for orchestration and automation are reviewed, such as scripts, rules, workflows, functions, and message destinations.

Cloud Pak for Security 1.3 Threat Investigation Demonstration

The video demonstrates how a security analyst who uses Cloud Pak for Security 1.3 performs an investigation by seamlessly switching between three apps:

  • Threat Intelligence Insights (focused on incident detection)
  • Data Explorer (focused on incident investigation)
  • Cases (focused on incident response) with a SOAR license that provides automation and orchestration of the cases.

IBM Cloud Pak for Security Developer Foundational Badge

Cloud Pak for Security - Developer Foundational


Overview

This course covers material important to the Cloud Pak for Security Developer. There is a strong focus on the development of STIX-shifter connectors. This badge is based on the IBM Cloud Pak for Security V1.5 release.


How can I earn this badge?

  • This badge is open to all IBM clients, business partners and employees.
  • Complete all courses listed in the 4 lesson sections below.
  • Earn 80% or higher on the exam.

IBM Cloud Pak for Security Investigator and Playbook Designer Demonstration

IBM Cloud Pak for Security is a single platform designed to help cyber incident response teams mitigate threats faster by providing, in one place, all the security information from different tools and log files that the investigator needs, without having to jump between different applications.
In this use case, Mark Neumann demonstrates how to mitigate damage caused when an employee, who engaged in risky online activities, got his Social Security ID number stolen, and the subsequent attempts to use the stolen credentials to further penetrate the organization's systems.

Giving QRadar SOAR Capabilities with CP4S

In this video, Jose Bravo demonstrates the value that Cloud Pak for Security (CP4S) brings to a QRadar environment. Jose will demonstrate an attack on a Windows system and how QRadar recognizes an offense has occurred and triggers CP4S to take automated remedial action.


Cloud Pak for Security 1.5 - Architecture and installation overview

IBM Cloud Pak for Security is a platform that integrates security tools to gain insights into threats across hybrid, multicloud environments.

As more businesses move to the cloud, security data is frequently spread across different tools, clouds, and IT environments. This requires teams to spend more time integrating tools and information and maintaining those integrations, and less time securing their organizations. IBM Cloud Pak for Security helps teams address these issues with an open, secure platform. It is a platform that can deliver on connecting data, connecting workflows, and connecting openly by helping you quickly integrate your existing security tools to generate deeper insights into threats, orchestrate actions, and automate responses, all while you leave your data where it is.

This course describes critical components of the Cloud Pak for Security platform, such as multicloud adoption, private cloud requirements for storage and node specifications, Red Hat OpenShift 4.3, IBM Cloud Pak common services, and Cloud Pak for Security core services and apps.
This version of the Cloud Pak comes with five apps:
  • IBM Security Data Explorer
  • IBM Security Threat Intelligence Insights
  • IBM Security Case Management
  • IBM Security User Behavior Analytics
  • IBM Security Risk Manager

The course also provides a high-level installation process.

Objectives

  • Describe Cloud Pak for Security components stack
  • Explain dependencies on OpenShift and IBM Cloud Pak common services
  • Describe IBM Cloud Pak for Security core services and the apps
  • Explain high-level installation steps

Cloud Pak for Security - Users and general settings

Overview

This video provides an overview of users, roles, and general settings for the IBM Cloud Pak for Security platform. The video discusses how a user from LDAP is imported into IBM Cloud Private and then into Cloud Pak for Security. Users can have one of two main roles in Cloud Pak for Security: Admin and regular User. Depending on the role, the user can have different permissions for Data sources, Organization settings, and the User management tool.

Duration: 20 minutes

Cloud Pak for Security 1.5 - Security Analyst Badge

Cloud Pak for Security - Security Analyst


Overview

This enablement path is for SOC Analysts and technical resources who require a comprehensive knowledge of cybersecurity threat investigation using Cloud Pak for Security. By completing this enablement, you will know how to configure connectors to data sources, become familiar with federated searches, be able to use filters and data analysis in the Data Explorer app, and configure Threat Intelligence Insights and the basics of Case Management.

IBM Cloud Pak for Security: Threat Intelligence Insights demo

IBM Security Threat Intelligence Insights is an app on Cloud Pak for Security that delivers unique and relevant threat intelligence prioritized for your organization. It seamlessly integrates with other apps on Cloud Pak for Security to further continue the investigation and remediation processes.

This video provides a demonstration of the Threat Intelligence Insights app on Cloud Pak for Security.

Duration: 22 minutes

Secure Your Hybrid, Multicloud Environment with Cloud Pak for Security

Businesses today are moving their operations to the cloud piece by piece, with applications and data spread across multiple clouds and on-premise resources. Securing this fragmented IT environment requires security teams to undertake costly migration projects and complex integrations, and continuously switch between different screens and products. This course shows you how IBM Cloud Pak for Security solves this problem!
 

IBM Cloud Pak for Security provides a platform to help more quickly integrate your existing security tools to generate deeper insights into threats across hybrid, multicloud environments, using an infrastructure-independent common operating environment that runs anywhere. You can quickly search for threats, orchestrate actions and automate responses—all while leaving your data where it is.

This course provides a deep dive on Cloud Pak for Security and how it can help solve your challenges. It will also cover Cloud Pak for Security features and capabilities available to use and an architectural overview. There is a demo of Cloud Pak for Security included in this video — to show how everything comes together.

Duration: 59 minutes

IBM Cloud Pak for Security overview

IBM Cloud Pak for Security is a platform to more quickly integrate your existing security tools to generate deeper insights into threats, orchestrate actions and automate responses—all while leaving your data where it is.

This video provides an overview of the IBM Cloud Pak for Security platform.


Investigate cybersecurity threats using IBM Cloud Pak for Security

This course demonstrates a typical cybersecurity investigation based on the field report from X-Force Exchange and the third-party vendor FireEye.
The investigation uses IBM Cloud Pak for Security, which can easily connect to multiple data sources and perform a federated search by using the Data Explorer app that runs in IBM Cloud Pak for Security.
You also learn how to use the Cases app, which helps to collect investigation artifacts and collaborate with the broader team that is involved in conducting the investigation.

Installing and configuring Cloud Pak for Security 1.3

This technical talk gives the inside scoop on installing and configuring Cloud Pak for Security version 1.3. David Druker covers prerequisites, IBM Cloud Platform install, CP4S application install, and post-installation tasks, including connecting an LDAP server and performing basic CP4S configuration. He discusses troubleshooting and resolving typical problems, as well as how to do upgrades.

The session includes screenshots of install procedures and a live demo of configuration procedures.

Agenda

  • Prerequisites & preparation
  • Open Cloud Product (OCP) installation
  • IBM Cloud Platform Common Services
  • Common Services, Foundations & Solutions Charts
  • Postinstallation
  • Available resources


Duration: 37 minutes

IBM Cloud Pak for Security - Security Engineer Badge

Cloud Pak for Security - Security Engineer


Overview

The IBM Cloud Pak for Security Security Engineer badge earner is a systems engineer who has knowledge and experience installing, configuring, and maintaining the IBM Cloud Pak for Security solution. This security engineer can perform advanced tasks related to the management and operation of the IBM Cloud Pak for Security environment, including troubleshooting with the Cloud Pak for Security cpctl tool and acquiring the mustgather data, and is familiar with IBM Cloud Platform Common Services, Docker, and Red Hat OpenShift Container Platform.

How can I earn this badge?

  • This badge is open to all IBM clients, business partners and employees.
  • Complete all courses listed in the 3 lessons below.
  • Earn 80% or higher on the exam.

Using third-party threat feeds in Cloud Pak for Security

To add value to Cloud Pak for Security, you can enable third-party threat feeds. This video demonstrates how to use third-party threat feeds such as AlienVault, SANS ISC, and VirusTotal within Cloud Pak for Security. It walks step by step through how to view the information that the third-party threat feeds provide, whether you use an X-Force package or work without X-Force enabled.

Test C1000-115, IBM Cloud Pak for Security 1.x Administrator - Exam Preparation Checklist

IBM Certified Administrator - Cloud Pak for Security 1.x

Overview

Job Role Description / Target Audience

An IBM Cloud Pak for Security v1.x Administrator is an experienced system administrator who has knowledge and experience installing, configuring, administering, and maintaining IBM Cloud Pak for Security in a cloud environment. This administrator can perform advanced tasks related to the daily management and operation of the IBM Cloud Pak for Security environment including IBM Cloud Platform Common Services and Red Hat OpenShift Container Platform.