The IBM Security Immune System looks at a security portfolio in an organized fashion - as an integrated framework of security capabilities that transmits and ingests vital security data to help gain visibility, understand, and prioritize threats, and coordinate multiple layers of defense. At its core, the system automates policies and block threats - just as the human immune system can assess and identify a virus and then trigger an immune response.

IBM believes that companies using point solutions cannot effectively combat advanced threats. These organizations should look at their security assets as organs in the human body, interacting with each other to fight disease and improve health. Integrated security solutions and security analytics are the key to a healthy Security Immune System.

This presentation delves into the integration points within the IBM Security Immune System, with a focus on architecture and technical details. Security architects and security analysts will find this session a strong introduction to building real-world security for their enterprise.

This course shows you how to integrate a scanner, such as IBM Security AppScan, with QRadar SIEM. This integration can help you correlate vulnerabilities discovered by the scanner with other log sources, such as IBM XGS, to protect your network assets from the attack at the application level.

This course demonstrates how IBM i2 Enterprise Insight Analysis (EIA) and IBM i2 Analyst's Notebook can enrich the analysis of an IBM QRadar offense by curating and importing data from several disparate sources into the EIA Information Store. In this use case, data from multiple sources is imported into i2 Analyst's Notebook where you use link analysis to uncover connections and networks among different entities as well as behavior patterns.

Among the topics that you will cover in this course are:

• Using the Offense Investigator app to bring a QRadar offense into i2 Analyst's Notebook (ANB) and expanding on an offense
  
• Connecting to (EIA) from i2 Analyst's Notebook to  to find data using Search and Visual Search tools from the Home toolbar
  
• Using Expand and Expand with Conditions to bring linked items from the EIA Information Store into an ANB chart to visualize connections
• Using i2 Analyst's Notebook analysis tools and the Analyze toolbar features like Search, List Items, Bar Charts and Histograms, Find Connecting Network
• Bringing data from multiple sources into one analytical investigation to shut down security breaches and to find out who is behind them and why

This video series demonstrates integration between IBM MaaS360 and IBM QRadar SIEM. It includes the following demonstrations:

• MaaS360 and QRadar Integration overview
  
• Sending MaaS360 events to QRadar SIEM
  
• Installing the MaaS360 app
  
• Using QRadar Action Script with MaaS360 API

Prerequisites: This video series assumes that you have the following skills:

• Basic knowledge of QRadar SIEM concepts
• Basic knowledge of the MaaS360 portal
• Basic knowledge of Python scripting

For more information about these topics, visit the QRadar SIEM and MaaS360 roadmaps in the Security Learning Academy.

This course teaches you how to take advantage of the information posted in IBM X-Force Exchange (XFE) platform by using the API, curl tool, and python language.

The course also demonstrates integration between XFE and QRadar SIEM using XFE SDK and direct integration or Threat Intelligence Application and TAXII endpoints.

Objectives

• Learn how to leverage the X-Force Exchange API, curl tool, and python scripts to pull threat data from the X-Force Exchange platform
• Install the Threat Intelligence app in QRadar SIEM
• Test the API using online documentation
• Use curl commands and the X-Force Exchange API documentation to simulate browser requests
  
• Write a python script that uses X-Force Exchange API code
• Use TAXII feeds, collections, and the QRadar Threat Intelligence app to integrate the X-Force Exchange API and QRadar SIEM
• Configure threat data feeds to monitor and detect ransomware outbreaks

This course includes two technical demonstrations that highlight how Carbon Black Response and IBM QRadar SIEM integrate to quickly detect, respond, and remediate live security incidents. This integration is part of the long standing strategic partnership between Carbon Black and IBM.

This course consists of a set of videos related to basic LDAP topics. The course is focused on IBM Security Directory Server, but the concepts are applicable to any LDAP v3 compliant directory. You learn about LDAP suffixes, directory information tree, object classes and attributes. The videos demonstrate basic LDAP commands: search, add, modify and delete. The video also explains concept of LDIF flies.

This lab demonstrates how IBM BigFix ® App for QRadar®  enhances security intelligence of managed endpoints.  You learn how endpoint information, such as vulnerabilities, patching status, software installed, and file hashes, are provided to the Security Analyst using the QRadar SIEM console. This lab contains a video that provides an overview of BigFix App for QRadar,  an installation video, and a hands-on section that gives you practice with the app's functions.

Objective

Learn how i2 Analyst's Notebook QRadar Offense investigator provides integration between QRadar SIEM and i2 Analyst's Notebook.

Duration

2 minutes

In this 4-part video series Jose Bravo demonstrates how you can detect and stop Ransomware from propagating by integrating IBM QRadar SIEM and IBM BigFix.

In a bonus video we describe an extended scenario integrating QRadar, XGS and BigFix helping with phishing and ransomware.