This category contains integration scenarios that use IBM Incident Response products.
System Integrations Courses:
This video is a technical demonstration in which IBM Resilient and Carbon Black Response detect, respond, and remediate a live security incident. This integration is part of the long standing strategic partnership between Carbon Black and IBM.
This video is a technical demonstration of the integration between Carbon Black Response, IBM Resilient, and QRadar to detect, respond, and remediate a live security incident. This integration is part of the long standing strategic partnership between Carbon Black and IBM.
- Part 1 demonstrates the integration of QRadar Advisor with Watson with Resilient functionality. QRadar with Watson provides artificial intelligence to automatically investigate and provide insights to threat indicators and related entities. Integration with Resilient allows the security analyst to automatically track and enrich incident artifacts and reporting.
- Part 2 demonstrates how to use Resilient as a workflow automation tool to enhance the analyst's ability to manage the response to the more complex threats that require more than the actions allowed directly from within QRadar.
Experts from the IBM Resilient and QRadar Support teams show the SOC analyst how to safely and effectively troubleshoot their Resilient integration with QRadar when issues arise. This video is a recording of a live Open Mic web seminar originally broadcast
- How to enable debug and retrieve logs
- Checking connectivity
- How to read the logs
- Using the IBM QRadar API
- Common errors
- Opening a case, what next?
- Questions for the panel
In this video, Jose Bravo demonstrates the value that Cloud Pak for Security (CP4S) brings to a QRadar environment. Jose will demonstrate an attack on a Windows system and how QRadar recognizes an offense has occurred and triggers CP4S to take automated remedial action.
This lab focuses on the integration of IBM Security Resilient SOAR Platform and IBM Security QRadar SIEM products.
The IBM QRadar SIEM solution helps you monitor and detect security threats. Based on the QRadar correlation rule engine (CRE), the product can generate offenses that require the attention of a security analyst.
- The IBM Resilient QRadar Integration app
The app is installed on QRadar. It is responsible for sending the offense, offense details, owner, and artifacts to Resilient as well as synchronizing notes, and synchronizing closure of the incident or the offense on the both platforms.
- The QRadar Functions for Resilient app
The app installs on the Resilient App Host. The app can run the searches of QRadar data by using QRadar Ariel Query Language (AQL) and API calls to perform updates of QRadar configuration such as manipulation of the data in the QRadar reference sets.
Some of the topics covered in the lab are:
- Install QRadar app for Resilient
- Configure QRadar app for Resilient
- Customize the Resilient configuration
- Customize the Jinja templates
- Configure Custom Actions and synchronization
- Install QRadar functions for Resilient
- Create table with artifacts by using the QRadar functions
- Create action to search QRadar for file hashes from a log source
- Test the apps integration and customization using the QRadar offenses
This video is a recording of the Resilient and QRadar Integration Open Mic web seminar originally broadcast on 17-November-2020.
- Part 1: IBM Resilient (SOAR) QRadar Integration App
- Configuration (JINJA template)
- AQL Attachment
- Syncing notes and offenses status
- Part 2: QRadar Functions for Resilient
- Installation of the Functions (AppHost)
- Examples and demonstration of functions, workflows, rules, and actions that extract the data from QRadar
- QRadar AQL Search
- Questions & Answers