IBM Security SOAR (Resilient)
Getting Started with IBM Security SOAR (formerly Resilient)
The total time required to complete this roadmap is 5h 9m.
Overview and install
User management and authentication
Common use cases
Badges and Certifications
IBM Security SOAR Application Administrator/Saas Administrator (Master Administrator)
The total time required to complete this roadmap is 2h 18m.
Setting up the ORG
Playbook Designer/ Developer
The total time required to complete this roadmap is 9h 28m.
Foundations of Design
Automation and Integrations
The total time required to complete this roadmap is 48m.
IBM Security SOAR Security Foundations
IBM Security SOAR Dashboards and Reporting
Artifacts and Threat Feeds
The total time required to complete this roadmap is 37m.
IBM Security SOAR Privacy Foundations
IBM Security SOAR System Administrator (OVA Administrator)
The total time required to complete this roadmap is 2h 35m.
Logging and troubleshooting
Backup and DR
Experts from the IBM Resilient and QRadar Support teams show the SOC analyst how to safely and effectively troubleshoot their Resilient integration with QRadar when issues arise. This video is a recording of a live Open Mic web seminar originally broadcast
- How to enable debug and retrieve logs
- Checking connectivity
- How to read the logs
- Using the IBM QRadar API
- Common errors
- Opening a case, what next?
- Questions for the panel
- Automate the escalation and collection of data
- Manage a ransomware attack
- Deal with a data breach involving an inside actor
- Accelerate your Response to Phishing Attacks
The Resilient platform implements incident responses through the use of dynamic playbooks. A dynamic playbook is the set of rules, conditions, business logic, workflows and tasks used to respond to an incident. The Resilient platform updates the response
automatically as the incident progresses and is modified.
In this course, you learn the Resilient basic concepts, platform architecture, and will review a demonstration of the installation process.
- Learn the value of IBM Resilient
- Review the introduction video to the IBM Resilient platform
- Learn the IBM Resilient Platform architecture
- Learn about necessary prerequisites
- Review the installation process
- Describe the value of dynamic playbooks
This course is designed to provide an initial introduction to Resilient Incident Response Program. It will help you understand how Resilient can be integrated in your environment and provide the tools to get started.
- Introduction to Resilient
- How Resilient Aligns to your Organization
- Installing & Administering Resilient
- Developing Playbooks
- Resources and Support
This lab focuses on the integration of IBM Security Resilient SOAR Platform and IBM Security QRadar SIEM products.
The IBM QRadar SIEM solution helps you monitor and detect security threats. Based on the QRadar correlation rule engine (CRE), the product can generate offenses that require the attention of a security analyst.
- The IBM Resilient QRadar Integration app
The app is installed on QRadar. It is responsible for sending the offense, offense details, owner, and artifacts to Resilient as well as synchronizing notes, and synchronizing closure of the incident or the offense on the both platforms.
- The QRadar Functions for Resilient app
The app installs on the Resilient App Host. The app can run the searches of QRadar data by using QRadar Ariel Query Language (AQL) and API calls to perform updates of QRadar configuration such as manipulation of the data in the QRadar reference sets.
Some of the topics covered in the lab are:
- Install QRadar app for Resilient
- Configure QRadar app for Resilient
- Customize the Resilient configuration
- Customize the Jinja templates
- Configure Custom Actions and synchronization
- Install QRadar functions for Resilient
- Create table with artifacts by using the QRadar functions
- Create action to search QRadar for file hashes from a log source
- Test the apps integration and customization using the QRadar offenses