Application programming interfaces (APIs) can greatly increase the functionality of the IBM Network Protection (XGS) appliance. In this course, you learn about the structure of the XGS appliance and how to use APIs that send management commands and APIs that send alerts to communicate with the appliance. This unit describes general web services commands or methods and how to create them using the cURL utility. You also learn to use the web services API to manage the appliance. Finally, you learn about using APIs to send alerts to third-party advanced threat protection (ATP) agents.
Advanced persistent threat (APT) attacks are in the news because attackers use advanced, sophisticated techniques to stay stealthy after the initial break-in and usually steal millions of pieces of confidential and sensitive personal information. These videos describe the anatomy of APT attacks and where in the attack process XGS can be helpful.
This video demonstrates the weaknesses of SNORT pattern-matching signatures as compared to the IBM Protocol Analysis Module (PAM) engine when the original exploit is modified. For the purpose of the demonstration, you use the Metasploit Framework and the vulnerability described in CVE-2013-0422. In the second video, the same SNORT issue is demonstrated using CVE-2012-0507.
XGS: Senior Administrator
This roadmap helps you leverage additional features in your XGS appliance, which increases the scope of protection you can manage as an IBM Network Protection Administrator. You learn how to apply protection policies to encrypted traffic, use SNORT signatures as an additional inspection engine alongside PAM, create policies based on user identity, prevent the unauthorized transmission of sensitive information, and navigate the command-line interface for more granular control of the appliance and initial troubleshooting. It is important that an XGS Administrator have a working knowledge of SiteProtector.