Integrated Security Solutions
This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®. QRadar SIEM collects the logs from various devices in enterprise networks. The logs are received through connectors called Device Support Module (DSM). QRadar has a DSM for Guardium. That DSM enables QRadar to receive and process logs from Guardium.
Alternatively, Guardium has an API that provides an option for QRadar to react to certain events detected by QRadar, and send Guardium those commands to adjust the database policy to properly react to the event. For example, if QRadar detects that the source IP from an internal network is communicating with an IP address classified as the Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address. The call from QRadar to Guardium can be done using the Custom Actions feature of QRadar or using IBM Security Directory Integrator® (IDI) that acts as the proxy; transforming various events from QRadar into Guardium API calls.
This IDI solution uses custom
developed code that IBM provides as-is without any support and
maintenance commitments. You can download the code from the Security
Learning Academy in the Additional Resources section of this course.
This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structure data. The solution provides a custom developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.
The integration goal is to identify GDPR sensitive data using a provided sample database using IBM Guardium. Guardium then exports a report that contains users who have access to tables with GDPR relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.
The course provides a lab environment where the integration can be tested and demonstrated.
Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab.The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.
This course demonstrates how IBM X-Force PAM engine works in IBM Security Access Manager (ISAM) appliance. The course is the how-to lab guide with the set of virtual machines that students can explore on they own time.
This course teaches you how to take advantage of the information posted in IBM X-Force Exchange (XFE) platform by using the API, curl tool, and python language.
The course also demonstrates integration between XFE and QRadar SIEM using XFE SDK and direct integration or Threat Intelligence Application and TAXII endpoints.
- Learn how to leverage the X-Force Exchange API, curl tool, and python scripts to pull threat data from the X-Force Exchange platform
- Install the Threat Intelligence app in QRadar SIEM
- Test the API using online documentation
- Use curl commands and the X-Force Exchange API documentation to simulate browser requests
- Write a python script that uses X-Force Exchange API code
- Use TAXII feeds, collections, and the QRadar Threat Intelligence app to integrate the X-Force Exchange API and QRadar SIEM
- Configure threat data feeds to monitor and detect ransomware outbreaks
course demonstrates how IBM i2 Enterprise Insight Analysis (EIA) and
IBM i2 Analyst's Notebook can enrich the analysis of an IBM QRadar
offense by curating and importing data from several disparate sources
into the EIA Information Store. In this use case, data from multiple
sources is imported into i2 Analyst's Notebook where you use link
analysis to uncover connections and networks among different entities as
well as behavior patterns.
Among the topics that you will cover in this course are:
- Using the Offense Investigator app to bring a QRadar offense into i2 Analyst's Notebook (ANB) and expanding on an offense
- Connecting to (EIA) from i2 Analyst's Notebook to to find data using Search and Visual Search tools from the Home toolbar
- Using Expand and Expand with Conditions to bring linked items from the EIA Information Store into an ANB chart to visualize connections
- Using i2 Analyst's Notebook analysis tools and the Analyze toolbar features like Search, List Items, Bar Charts and Histograms, Find Connecting Network
- Bringing data from multiple sources into one analytical investigation to shut down security breaches and to find out who is behind them and why
This lab demonstrates how IBM BigFix ® App for QRadar® enhances security intelligence of managed endpoints. You learn how endpoint information, such as vulnerabilities, patching status, software installed, and file hashes, are provided to
the Security Analyst using the QRadar SIEM console. This lab contains a video that provides an overview of BigFix App for QRadar, an installation video, and a hands-on section that gives you practice with the app's functions.
Explain the value of IBM BigFix App for QRadar during investigation and remediation
Install the BigFix App for QRadar
Use the hands-on lab environment that has BigFix Platform and BigFix App for QRadar installed to perform the following tasks:
Manage the distribution of patches and review vulnerability data on endpoints
Incorporate endpoint data gathered by BigFix Inventory using a default fixlet named Initiate Software Scan and a custom fixlet
Leverage endpoint compliance status information
Use X-Force Threat Intelligence data to verify the reputation of file hashes on endpoints
Enable or disable antivirus on Windows endpoints
In this lab, you learn how to use the User Behavior Analytics for QRadar (UBA) application to detect anomalous or malicious behavior. The lab comes with UBA already installed and configured. You learn to use the QRadar UBA Dashboard and how the application
can help you detect malicious user behavior. The lab also walks you through the investigation process and demonstrates the integration with QRadar Advisor with Watson. The QRadar Advisor with Watson app is also already installed and configured
in the lab. To learn more about QRadar Advisor with Watson, visit the dedicated section in the Security Learning Academy, where you can run the lab that is focused on QRadar Advisor with Watson. Finally, the lab walks you through tuning the rules for
user risky behavior by configuring the senseValue parameter.
UBA leverages the Machine Learning (ML) app to analyze risky user behavior. Because the Machine Learning part of the lab requires at least one week of historical data to properly analyze user behavior, it is not possible to demonstrate that feature in the lab that runs only about an hour. The machine learning part of QRadar UBA is covered in video training on the Security Leaning Academy.
Systems Integration Architect
A systems integration architect Is responsible for implementing integrated security solutions that support compliance, protect business assets, and combat security threats.