IBM Resilient
Click roadmap title to expand/collapse roadmap

Getting Started with IBM Resilient SOAR Platform

The total time required to complete this roadmap is 5h 9m.

This roadmap is designed to provide an initial introduction to Resilient Incident Response Program.

Overview and install

These courses help you to understand how Resilient can be integrated into your environment and provide the tools to get started.
IBM Cloud Pak for Security overview
Foundational
Tour Resilient on the Security Learning Academy
Foundational
Introduction to IBM Resilient SOAR
Foundational
Getting started with IBM Resilient
Foundational

On-premises setup

Learn how to perform the initial configuration to start using Resilient.
Initial configuration of the IBM Resilient appliance
Intermediate

User management and authentication

Learn how to configure user access
Setting up alternative authentication mechanisms in the IBM Resilient appliance
Intermediate
Managing users and groups in Resilient
Intermediate

Common use cases

Learn about typical scenarios for using Resilient.
Common Resilient use cases
Foundational

Badges and Certifications

Official IBM badges and professional certifications related to this role that can be earned
IBM Security Resilient Foundations Badge
Click roadmap title to expand/collapse roadmap

Resilient Application Administrator/Saas Administrator (Master Administrator)

The total time required to complete this roadmap is 2h 18m.

These courses teach you how to administer Resilient on both an On premise or SaaS deployment of Resilient SOAR platform

Managing users

Managing users and groups in Resilient
Intermediate
Resilient - Deleting or Deactivating a User
Foundational
Resilient - Deactivate user / Reassign
Foundational
Working with Resilient roles
Foundational
Resilient - Deleting Roles
Foundational

Authentication

Setting up alternative authentication mechanisms in the IBM Resilient appliance
Intermediate

Setting up the ORG

These courses teach you how to configure the Resilient Organization
Resilient - Organization Details
Foundational
Resilient - Organization Settings
Foundational
Resilient - Migrating Organizational Settings
Foundational
Resilient - Defanging URLs
Foundational
Resilient - Threat Sources Overview
Intermediate
Resilient - Notifications and substitution
Intermediate
Configuring automatic processing of inbound email in Resilient
Intermediate

Workspaces

Working with Resilient workspaces
Foundational
Click roadmap title to expand/collapse roadmap

Playbook Designer/ Developer

The total time required to complete this roadmap is 9h 28m.

This roadmap instructs the designer in the features available for creating playbooks within Resilient

Foundations of Design

These courses are about using the design components which make up a playbook in the Resilient SOAR platform.
Resilient - Modify the New Incident Wizard Layout
Foundational
Resilient - Reporting Custom Sections / Flags
Foundational
Resilient - Delete Incident / Bulk Actions
Foundational
Resilient - Artifact Relation
Foundational
Resilient - Threat Sources Overview
Intermediate
Creating custom graphs in the Resilient application
Intermediate
Resilient - Notifications and substitution
Intermediate
Resilient - How To Create Wikis
Intermediate
Resilient - Data Tables
Foundational
Resilient Rules and Workflows
Foundational
Resilient - Workflows
Foundational
Resilient - Dynamic Playbooks / Rules
Foundational
Resilient Developer's Corner - Integration First Steps
Intermediate
Building the MITRE ATT&CK Framework into your Resilient Incident Response
Foundational
Resilient - Tracking time spent on incident field values
Foundational

Automation and Integrations

These courses teach you about automation of your playbooks in the Resilient SOAR platform.
Common Resilient use cases
Foundational
Resilient Metrics Systems Administration
Foundational
Scale and Improve Automation in Resilient
Intermediate
Resilient Data Feeder Integration
Intermediate
Resilient Developer's Corner - Integration First Steps
Intermediate
Resilient Developer's Corner: Rules and Workflows
Intermediate
Publishing to the App Exchange
Intermediate
Inbound Mail Parsing and Configuration of Outbound Email for Resilient
Advanced
Resilient Intelligent Orchestration
Intermediate
Developing and Converting Apps for App Host in Resilient
Intermediate
Implementing your own Integration & Python Script into App Host
Intermediate
Click roadmap title to expand/collapse roadmap

Security Analyst

The total time required to complete this roadmap is 48m.

As a Security Analyst you will learn how to manage, use and respond to security events using Resilient playbooks.

Resilient Security Foundations

These courses teach you how to investigate and remediate security incidents using Resilient.
Resilient - Defanging URLs
Foundational
Resilient - How To Create Wikis
Intermediate
Resilient - Notifications and substitution
Intermediate
Resilient - Search
Foundational
Resilient - Reporting Custom Sections / Flags
Foundational
Configuring SMTP Notifications for IBM Resilient
Foundational
An Introduction to the IBM Resilient SOAR Interface
Foundational

Resilient Dashboards and Reporting

These courses teach you how to create custom dashboards and reports from your incident data
Resilient - Creating custom graphs for incident time tracking data
Foundational
Resilient - Reporting Custom Sections / Flags
Foundational
Creating custom graphs in the Resilient application
Intermediate

Artifacts and Threat Feeds

These courses will teach you how threat intelligence can perform automatic enrichment for artifacts.
Resilient - Threat Sources Overview
Intermediate
Resilient - Artifact Relation
Foundational
Resilient - Creating Custom Artifact Types
Foundational
Click roadmap title to expand/collapse roadmap

Privacy Officer

The total time required to complete this roadmap is 37m.

As a Privacy Officer/ Analyst you will learn how to configure Resilient Privacy and to manage, use and respond to privacy events in your organization.

Resilient Privacy Foundations

These courses will teach you how to manage and respond to privacy events using Resilient SOAR platform.
Managing GDPR Data Breach Notification Requirements with the Resilient Incident Response Platform
Foundational
Resilient - How to Pre-Select Privacy Regulators
Foundational
Resilient - How To Create a Notify Data Protection Officer (DPO) Task in Resilient
Foundational
Customize Your Framework to Comply with a Federal Trade Commission Consent Order
Foundational
Click roadmap title to expand/collapse roadmap

Resilient System Administrator (OVA Administrator)

The total time required to complete this roadmap is 2h 35m.

These courses teach you how to install and configure IBM Resilient on both the OVA and BYORHEL on premise deployments

Install

Resilient Prerequisites
Foundational
Initial configuration of the IBM Resilient appliance
Intermediate
Resilient - Installing via an OVA File
Intermediate
Resilient - External Network Configuration
Foundational

Configuration

Resilient security
Intermediate
Resilient - Backing up the Keyvault
Foundational
Resilient - Encrypting the Keyvault Password
Intermediate
Resilient - Keyvaults, Keystores and Secrets
Foundational

Logging and troubleshooting

Managing logs in the IBM Resilient appliance
Intermediate
Troubleshooting Resilient and QRadar Integration Open Mic
Intermediate

Authentication

Setting up alternative authentication mechanisms in the IBM Resilient appliance
Intermediate
Managing users and groups in Resilient
Intermediate

Backup and DR

Resilient - Backing up and Restoring
Foundational
Using Resilient disaster recovery health checks
Intermediate
Running Resilient disaster recovery playbooks
Intermediate
Setting up Resilient disaster recovery
Intermediate
Troubleshooting Resilient and QRadar Integration Open Mic

Experts from the IBM Resilient and QRadar Support teams show the SOC analyst how to safely and effectively troubleshoot their Resilient integration with QRadar when issues arise. This video is a recording of a live Open Mic web seminar originally broadcast on 29-July-2020.

Agenda:

  • How to enable debug and retrieve logs
  • Checking connectivity
  • How to read the logs
  • Using the IBM QRadar API
  • Common errors
  • Opening a case, what next?
  • Questions for the panel


Duration: 26minutes


26m      Intermediate
Developing and Converting Apps for App Host in Resilient

This course was originally broadcast as a live web seminar on 6-June-2020.

Resilient Engineering Manager Mark Scherfling walks us through the features and enhancements associated with building apps in the AppHost environment of IBM Security Resilient SOAR platform v37.


Agenda

  • Review of resilient-sdk
  • App Host for Developers
  • Migrating to App Host
  • Developing for App Host
  • Current Issues
  • Resources & References

Duration: 40 minutes


40m      Intermediate
Resilient and QRadar Integration Open Mic

This video is a recording of the Resilient and QRadar Integration Open Mic web seminar originally broadcast on 17-November-2020.

Agenda

  • Part 1: IBM Resilient (SOAR) QRadar Integration App
    • Installation
    • Configuration (JINJA template)
    • AQL Attachment
    • Syncing notes and offenses status
  • Part 2: QRadar Functions for Resilient
    • Installation of the Functions (AppHost)
    • Examples and demonstration of functions, workflows, rules, and actions that extract the data from QRadar
    • QRadar AQL Search
  • Questions & Answers

1h 5m      Intermediate
Playbook & Workflow Design Best Practices

In this session from Virtual Master Skills University 2020, Benoit Rostagni will show you advanced tips, tricks, and best practices for Playbook and Workflow design.

37m     
Dev/Acceptance/Production Best Practices

In this session from Virtual Master Skills University 2020, Benoit Rostagni show you advanced tips, tricks, and best practices for Dev, Acceptance, and Production in Resilient.

42m     
Installing and Configuring Integrations for Different Use Cases

In this session from Virtual Master Skills University 2020, Gerald Trotman will demonstrate how to install and configure various integrations for different use cases.

1h 10m     
Metrics and Reporting: ROI, KPI, SLA

In this session from Virtual Master Skills University 2020, Benoit Rostagni will teach you advanced tips, tricks, and best practices for metrics and reporting, including ROI, KPI, and SLA.

56m     
How to Perform a Health Check on Your Environment

In this session from Virtual Master Skills University 2020, Eric Vervoort will demonstrate the steps to performing a Health Check on your Resilient environment.

1h 1m     
The Future of Integrations: App and App Host

In this session from Virtual Master Skills University 2020, Michael Lyons will demonstrate the App Host, Resilient's new integration infrastructure that containerizes integrations and brings integration management into the WebUI, reducing the installation and deployment time of applications to minutes.

1h 15m     
What's New with Resilient?

In this session from Virtual Master Skills University 2020, Chris Neely will show you what's new with the latest release of Resilient.

1h      
Problem Solving and Debugging

In this session from Virtual Master Skills University 2020, Maurice Williams will explain how to identify and resolve some of the most common troubleshooting topics in Resilient.

53m