XGS Basics

Click roadmap title to expand/collapse roadmap

XGS: Administrator

An XGS Administrator uses XGS to perform basic network security protection and is responsible for device administration and basic security policy management. The administrator must understand the concepts of IBM X-Force Protocol Analysis Module (PAM) and how to use it for security event analysis. It is important that an XGS Administrator have a working knowledge of SiteProtector.

XGS Foundations

These courses introduce you to basic XGS concepts.


These courses deal with administering and maintaining the XGS appliance.

Security Policy Management

These courses teach how to configure the XGS appliance to provide network protection.


These courses teach you how to perform basic troubleshooting tasks in your XGS environment.

Analyzing Events

In this course, you will learn how to use the appliance's home dashboard to quickly view the most important events, the different types of events the appliance can detect and how to monitor them, and the advantages of using flow data graphs to conduct network usage investigations.

Controlling User Access

The XGS appliance is IBM's next generation Intrusion Prevention Systems (IPS). The appliance can monitor user activity on the network and block certain users and groups for accessing and using certain network applications and resources. This video series explains how to implement this functionality and how to track and block user activity on the network.

Core Security Policies

In this video series, you learn about the XGS Network Access Policy, Intrusion Prevention Policy, and IPS Event Filter Policy. Using the SiteProtector management system, you learn how to configure the policies, how the policies work together, and how they provide different levels of protection.

Generating ATP Alerts Using an API

This video demonstrates the API used to send the web services calls that generate the Advanced Threat Protection (ATP) type of security event alerts. This video is part of the XGS Advanced Topics course (IS680). It represents exercise five in Unit 06.

Implementing SNORT and Open Signatures

SNORT is open-source based software for Intrusion Prevention Systems (IPS) devices. Using the SNORT syntax, users can write the rules for IPS, or borrow, download, and buy already written SNORT rules on the market. If you want to write and implement your own set of rules, use the Open Signature policy to write and import rules written in SNORT syntax. This video walks you through the Open Signature policy.

Installation and Initial Setup

This video shows how to configure the IBM Security Network Protection for VMWare when installing the virtual appliance for the first time, using the command-line interface (CLI). The configurations steps are:

-    Logging in

-    Accepting the IBM Software License Agreement

-    Enabling FIPS mode

-    Changing passwords

-    Configuring the host

-    Configuring management interfaces

-    Configuring DNS information

-    Reviewing the configuration

Integration with SiteProtector

SiteProtector is the management platform used to enforce centralized policy management and event analysis from multiple XGS appliances. When SiteProtector takes control of the XGS, many of the administrative tasks can be done only thought the SiteProtector interface. 

In this video series, you learn how to register the XGS appliance in SiteProtector, push the licenses, and merge XGS local polices with the default polices in SiteProtector. 

IPS Authenticated User Policy

This XGS video demonstrates how to control user access to the network resources.

IPS Configuring Policies

This XGS demonstration focuses on policy configuration.

IPS Identifying Network Usage

This XGS video demonstrates how XGS can monitor and control network usage.

IPS Overview

This XGS demonstration of XGS product focuses on key IPS features.

IPS Protect Intellectual Property

This XGS demonstration focuses on blocking access to certain network applications and resources that can expose company information.

IPS Simple URL Category Block

This XGS demonstration focuses on blocking URLs.

IPS Terminology

The XGS demonstration focuses on the key IPS features.


The XGS demonstration focuses on blocking URLs.

IPS Using the API

This video demonstrates Using the API in IBM Security Network Protection

IPS Web Application Policies

This XGS demonstration focuses on Web Application policies.

ISNP appliance hardware overview

This video provides you with a high-level overview of the hardware components of the IBM Security Network Protection (or XGS) appliance, also referred to as ISNP.

ISNP network architecture

This video provides you with a high-level overview of the network architecture for the IBM Security Network Protection (or XGS) appliance, also referred to as ISNP, in which you’ll learn different considerations when placing the appliance on your network.

Light DLP Setup

The XGS appliance is IBM's next generation Intrusion Prevention Systems (IPS). One of the XGS features is a light version of Data Leakage Protection (DLP) that can help in overall DLP design and architecture. The key characteristic of a DLP implementation in XGS is Content Analyzer Module (CAM). The CAM module can detect certain patterns of Personal Identifiable Information (PII) over limited number of network protocols and file formats. The video shows an example of a CAM implementation. 

Overview of Appliance Portfolio and Network Architecture

This course gives you an overview of the IBM Security Network Protection, or XGS appliance. You will learn what a next-generation IPS is, what are its main features and how to deploy it in your network. You also learn the main hardware components the different XGS appliance models can offer.

Overview of the IBM Security Network Protection (XGS) for VMWare

This video series demonstrates the completion of lab exercises that were offered at InterConnect 2016.  You will learn all the differences that XGS for VMWare has with its physical appliance version: its limitations, the scenarios in which it is best suited, and how to configure it to work properly. 

Transferring your GX Configuration Settings to an XGS Configuration

This video shows, with examples, the configuration of different functionalities on the IBM Secuirty Intrusion Prevention System (or GX appliance) and how these configurations are performed in the IBM Network Protection (or XGS appliance); thus reducing the learning process when transitioning from the GX to the XGS technology

Understanding PAM

Protocol Analysis Module (PAM) provides deep packet inspection and blocks malicious network traffic based on the signatures provided by IBM X-Force. In this course, you learn the key principles behind how PAM works. 

Using IP Reputation and Geolocation

This video explains how the IBM XGS product enhances the protection of enterprise networks by leveraging research information from IBM X-Force about IP reputation and geolocation. In part, the demonstration shows how those features can be demonstrated in lab setups that use private IP addresses.

Using the IBM XGS Command-Line Interface (CLI) for troubleshooting

The XGS Command-Line Interface (CLI) provides many different features to help you control and obtain important information from your XGS appliance for management and troubleshooting purposes. These features are classified hierarchically in different menus, or modes, which are accessed by typing their corresponding names, or commands. This course includes the following content:

  1. Introduction to the XGS command line interface (CLI)
    This video introduces the CLI, what it is used for, explains the modes and commands, and an overview of the global commands.
  2. XGS CLI modes Part I
    This video describes and demonstrates how to use the following CLI modes:
    1. Certificates
    2. Firmware
    3. Management
    4. OpenSignatures
  3. XGS CLI modes Part II
    This video describes and demonstrates how to use the following CLI modes:
    1. Protection
    2. Session
    3. Snapshots
    4. Stats
    5. Support
    6. Sysinfo
  4. Analysis
    This video shows how to leverage the analysis mode in the XGS CLI to troubleshoot the appliance using a few commands. It includes how to set the debug levels, how to use filters and how to disable Deep Packet Inspection.
  5. Logs
    This video describes the usage of four logs from the XGS CLI to troubleshoot the XGS appliance: System, Webserver, Updates, and Analysis. It includes a description of three methods to examine these log files: Tail, Less, and Grep.
  6. Capture
    This video describes how to use capture packets from the XGS CLI that can be used to perform advanced research and troubleshoot the XGS appliance. It shows how to capture logs on both the management and protection interfaces.

Note:  The videos in this series will display in their own windows to provide a better viewing experience.  You might have to disable the pop-up blocker in your browser if prompted to do so.

Using X-Force Exchange Information for XGS Administration

This course explains how to use IBM X-Force Exchange to research signatures and vulnerabilities.

What's New in the Latest XGS Firmware Updates - Interconnect 2017 presentation

This presentation talks about the features released in the latest version of XGS firmware delivered through 2016 and beginning of 2017. The session will cover the latest features such as hardware updates, stacking, integration with QRadar, QFlow enhancements, syslog over TLS and so on.

XGS 7100 stacking

In this video, you see how you can stack two IBM QRadar Network Security XGS 7100 appliances to significantly increase the amount of throughput traffic you are able to inspect for threats.

XGS Management Dashboard Overview

The video provides an overview of the XGS dashboard.