Incident Response Latest
Incident Response Latest Courses:
In the second session of the Resilient Developer's Corner series, learn about the best ways to define and include your integration's Rules and Workflows in your integration package.
- Activity Fields
- Workflow Status
- Action Status
Duration: 26 minutes
Learn about the newest integration and how it can be leveraged in your environment. Utilize data in Resilient the way you want to by leveraging the newly released Data Feeder extension. This extension allows you to maintain “replica” data of a Resilient system for the purposes of reporting. It also allows enhanced accessibility of your data by allowing you to run business intelligence (BI) queries from other tools.
Join Ray Suarez, Product Manager for Resilient, in this month’s update to learn about one of our newest integrations.
- The need for SOAR data
- Resilient & Data Feeder Integration
- Resilient Data Storage Overview
- app.config Configuration File
- Specify Incident Range
- A Tour of the App Exchange
- Resilient Actions Demonstration
- Review of the Resilient integrations
- Questions and answers
Duration: 19 minutes
This is the first session of the multi-part Resilient Developer's
Corner series. As additional parts are published, links will be added to
the Quick references section below.
Learn how to start writing an integration and how to use the template files auto-generated from Resilient functions.
- Future recordings in this series
- Integration Taxonomy
- Integration Environment
- Demonstration using Resilient Console
- Customization settings
- Message Destinations
- Using codegen to automate the generation of Python integration code
- Detailed example of building out an integration in Python
Duration: 30 minutes
This video demonstrates how to create and use a Notify Data Protection Officer Task to automatically notify your DPO when specified conditions are met.
Duration: 3 minutes
This video demonstrates how Resilient Task Helper Functions can help
clean and consolidate notes to improve visibility into completed tasks
and ultimately cut down the time to respond for your security team.
The MITRE ATT&CK Framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and services community.
This video provides an overview of the MITRE ATT&CK Framework, followed by a discussion of how IBM Resilient and other IBM Security products use MITRE ATT&CK, with a live demonstration and a Q&A.