IBM Security SOAR (Resilient)

Getting Started with IBM Security SOAR (formerly Resilient)

The total time required to complete this roadmap is 5h 9m.

This roadmap is designed to provide an initial introduction to the Resilient Incident Response Platform.

Overview and install

These courses help you to understand how IBM Security SOAR can be integrated into your environment and provide the tools to get started.

On-premises setup

Learn how to perform the initial configuration to start using IBM Security SOAR.

User management and authentication

Learn how to configure user access and authentication.

Common use cases

Learn about typical scenarios for using IBM Security SOAR.

Badges and Certifications

Official IBM badges and professional certifications related to this role that you can earn.

Playbook Designer/Developer

The total time required to complete this roadmap is 9h 28m.

This roadmap instructs the designer in the features available for creating playbooks within IBM Security SOAR.

Foundations of Design

These courses are about using the design components which make up a playbook in IBM Security SOAR.

Automation and Integrations

These courses teach you about automation of your playbooks in IBM Security SOAR.

Security Analyst

The total time required to complete this roadmap is 48m.

As a Security Analyst, you will learn how to manage, use, and respond to security events using IBM Security SOAR playbooks.

IBM Security SOAR Security Foundations

These courses teach you how to investigate and remediate security incidents using IBM Security SOAR.

IBM Security SOAR Dashboards and Reporting

These courses teach you how to create custom dashboards and reports from your incident data.

Artifacts and Threat Feeds

These courses teach you how threat feeds automatically enrich incident artifacts with threat intelligence.

Privacy Officer

The total time required to complete this roadmap is 37m.

As a Privacy Officer/Analyst, you will learn how to configure IBM Security SOAR Privacy and how to manage, use, and respond to privacy events in your organization.

IBM Security SOAR Privacy Foundations

These courses will teach you how to manage and respond to privacy events using IBM Security SOAR.

Troubleshooting Resilient and QRadar Integration Open Mic

Experts from the IBM Resilient and QRadar Support teams show SOC analysts how to safely and effectively troubleshoot the Resilient integration with QRadar when issues arise. This video is a recording of a live Open Mic web seminar originally broadcast on 29-July-2020.

Agenda:

  • How to enable debug and retrieve logs
  • Checking connectivity
  • How to read the logs
  • Using the IBM QRadar API
  • Common errors
  • Opening a case, what next?
  • Questions for the panel

Duration: 26 minutes

Common Resilient use cases

Overview

This course covers four common scenarios that demonstrate how the Resilient Incident Response Platform can be used to:

  • Automate the escalation and collection of data
  • Manage a ransomware attack
  • Deal with a data breach involving an inside actor
  • Accelerate your response to phishing attacks

Closed captions: English, French, German, Spanish and Japanese

Getting started with IBM Resilient

Overview

The Resilient Incident Response Platform is a central hub for incident response that helps make response efficient and compliant. The platform is based on a knowledge base of incident response best practices, industry standard frameworks, and regulatory requirements.

The Resilient platform implements incident response through dynamic playbooks. A dynamic playbook is the set of rules, conditions, business logic, workflows, and tasks used to respond to an incident. The platform updates the response automatically as the incident progresses and is modified.

In this course, you learn basic Resilient concepts and the platform architecture, and you review a demonstration of the installation process.

Objectives

  • Learn the value of IBM Resilient
  • Review the introduction video to the IBM Resilient platform
  • Learn the IBM Resilient Platform architecture
  • Learn about necessary prerequisites
  • Review the installation process
  • Describe the value of dynamic playbooks

Closed captions: English, French, German, Spanish and Japanese

Introduction to Resilient

Overview

This course is designed to provide an initial introduction to the Resilient Incident Response Platform. It helps you understand how Resilient can be integrated into your environment and provides the tools to get started.

Agenda

  1. Introduction to Resilient
  2. How Resilient Aligns to your Organization
  3. Installing & Administering Resilient
  4. Developing Playbooks
  5. Resources and Support

Guardium and Resilient integration: Email Connector

In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.

IBM Resilient SOAR and IBM QRadar integration

This lab focuses on the integration of the IBM Security Resilient SOAR Platform and IBM Security QRadar SIEM products.

The IBM QRadar SIEM solution helps you monitor and detect security threats. Based on the QRadar Custom Rule Engine (CRE), the product generates offenses that require the attention of a security analyst.

To conduct a more comprehensive investigation, you can bring offenses into the Resilient platform as incidents, take advantage of Resilient playbooks, and, if needed, make corrections in QRadar. The integration also keeps notes related to offenses and incidents in sync on both products, including the closing of offenses and incidents.

Thus, the integration is bidirectional and, as the diagram shows, has two components:
  • The IBM Resilient QRadar Integration app
    This app is installed on QRadar. It sends the offense, offense details, owner, and artifacts to Resilient, synchronizes notes, and synchronizes closure of the incident or the offense on both platforms.
  • The QRadar Functions for Resilient app
    This app is installed on the Resilient App Host. It can search QRadar data with the Ariel Query Language (AQL) and make QRadar API calls that update QRadar configuration, such as adding or removing values in QRadar reference sets.

Some of the topics covered in the lab are:

  • Install the QRadar app for Resilient
  • Configure the QRadar app for Resilient
  • Customize the Resilient configuration
  • Customize the Jinja templates
  • Configure custom actions and synchronization
  • Install the QRadar functions for Resilient
  • Create a table of artifacts by using the QRadar functions
  • Create an action that searches QRadar for file hashes from a log source
  • Test the app integration and customization using QRadar offenses
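The two QRadar Functions capabilities the lab exercises, an AQL search of a log source for file hashes from incident artifacts and a reference-set update, are shown below as an added example. This is not code from the IBM lab or from the QRadar Functions for Resilient app; it only builds the AQL statement and the REST path such an action would send, so it runs offline. The artifact list, the log source name "EDR-Prod" and the reference set name "Blocked Hashes" are constructed for the example. The security point it makes: artifact values are attacker-influenced data, so they are validated as hashes before interpolation into AQL rather than trusted.

```python
"""Build the QRadar AQL search and reference-set request a Resilient action
would issue for file-hash artifacts.

Added example, not code from the IBM lab or from the QRadar Functions app.
Uses only the standard library; the AQL field names are standard QRadar
fields, while the sample artifacts, log source and reference set names are
constructed for illustration.
"""
import re
from typing import Iterable, List
from urllib.parse import quote

# Only these shapes are accepted: MD5 (32), SHA-1 (40), SHA-256 (64) hex digits.
_HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")

# Constructed sample artifacts, shaped like a Resilient incident's artifact list.
SAMPLE_ARTIFACTS = [
    {"type": "Malware SHA-256",
     "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"type": "Malware MD5", "value": "d41d8cd98f00b204e9800998ecf8427e"},
    {"type": "Malware MD5", "value": "D41D8CD98F00B204E9800998ECF8427E"},  # duplicate, upper case
    {"type": "Malware SHA-1", "value": "abc' OR 1=1 --"},                  # injection attempt
    {"type": "IP Address", "value": "10.0.0.5"},                            # not a hash at all
]


def hash_values(artifacts: Iterable[dict]) -> List[str]:
    """Return the distinct, syntactically valid hash values, lower-cased.

    Anything that is not pure hex of a known length is dropped rather than
    escaped: a real hash never needs quoting, so rejecting is the safe choice
    and keeps hostile artifact text out of the query entirely.
    """
    seen: List[str] = []
    for art in artifacts:
        val = str(art.get("value", "")).strip().lower()
        if _HASH_RE.match(val) and val not in seen:
            seen.append(val)
    return seen


def aql_hash_search(log_source: str, hashes: List[str], last: str = "24 HOURS") -> str:
    """Build an AQL statement that returns events from one log source whose
    "File Hash" custom property matches any of the given hashes.

    LOGSOURCENAME(logsourceid) resolves the log source name in QRadar; the
    name is an operator-supplied string, so its single quotes are doubled,
    which is the only escaping an AQL string literal needs.
    """
    if not hashes:
        raise ValueError("no valid hashes to search for")
    ls = log_source.replace("'", "''")
    in_list = ", ".join(f"'{h}'" for h in hashes)
    return (
        'SELECT starttime, sourceip, "File Hash", LOGSOURCENAME(logsourceid) AS log_source '
        "FROM events "
        f"WHERE LOGSOURCENAME(logsourceid) = '{ls}' "
        f'AND LOWER("File Hash") IN ({in_list}) '
        f"LAST {last}"
    )


def reference_set_add_path(set_name: str, value: str) -> str:
    """Path and query string for the QRadar REST call that adds one value to
    a reference set: POST /api/reference_data/sets/{name}?value={value}.

    Both parts are percent-encoded with no safe characters, so a crafted set
    name or value cannot escape its path segment or add query parameters.
    """
    return (f"/api/reference_data/sets/{quote(set_name, safe='')}"
            f"?value={quote(value, safe='')}")


if __name__ == "__main__":
    good = hash_values(SAMPLE_ARTIFACTS)
    print(aql_hash_search("EDR-Prod", good))
    for h in good:
        print("POST", reference_set_add_path("Blocked Hashes", h))
```

The injected SHA-1 artifact and the IP address never reach the query: of the five sample artifacts only two distinct hashes survive validation, and the duplicate MD5 is collapsed regardless of case. A real action would send the AQL through the QRadar Ariel search API and poll for results; the point of the example is what must happen to the artifact values before that call is made.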