System Integrations

This category contains integration scenarios that use IBM Incident Response products.

System Integrations Courses:

Giving QRadar SOAR Capabilities with CP4S
NEW

In this video, Jose Bravo demonstrates the value that Cloud Pak for Security (CP4S) brings to a QRadar environment. Jose will demonstrate an attack on a Windows system and how QRadar recognizes an offense has occurred and triggers CP4S to take automated remedial action.


22m      Intermediate
IBM Resilient SOAR and IBM QRadar integration
NEW

This lab focuses on the integration of IBM Security Resilient SOAR Platform and IBM Security QRadar SIEM products.
The IBM QRadar SIEM solution helps you monitor and detect security threats. Based on the QRadar correlation rule engine (CRE), the product can generate offenses that require the attention of a security analyst.

Then, to conduct a more comprehensive investigation, you can bring offenses to the Resilient platform as incidents to take advantage of the Resilient playbooks and, if needed, make corrections in QRadar. Also, the integration keeps notes that are related to offenses and incidents in sync on both products, including the closing of offenses and incidents.

Thus, the integration is bidirectional, and according to the previous diagram, it has two components:
  • The IBM Resilient QRadar Integration app
    The app is installed on QRadar. It is responsible for sending the offense, offense details, owner, and artifacts to Resilient as well as synchronizing notes, and synchronizing closure of the incident or the offense on the both platforms.
  • The QRadar Functions for Resilient app
    The app installs on the Resilient App Host. The app can run the searches of QRadar data by using QRadar Ariel Query Language (AQL) and API calls to perform updates of QRadar configuration such as manipulation of the data in the QRadar reference sets.

Some of the topics covered in the lab are:

  • Install QRadar app for Resilient
  • Configure QRadar app for Resilient
  • Customize the Resilient configuration
  • Customize the Jinja templates
  • Configure Custom Actions and synchronization
  • Install QRadar functions for Resilient
  • Create table with artifacts by using the QRadar functions
  • Create action to search QRadar for file hashes from a log source
  • Test the apps integration and customization using the QRadar offenses

En
1h 30m      Advanced