System Integrations

This category contains integration scenarios that use IBM Security Intelligence products.

System Integrations Courses:

MaaS360 and QRadar SIEM integration

This video series demonstrates integration between IBM MaaS360 and IBM QRadar SIEM. It includes the following demonstrations:

  • MaaS360 and QRadar Integration overview
  • Sending MaaS360 events to QRadar SIEM
  • Installing the MaaS360 app
  • Using QRadar Action Script with MaaS360 API

Prerequisites: This video series assumes that you have the following skills:

  • Basic knowledge of QRadar SIEM concepts
  • Basic knowledge of the MaaS360 portal
  • Basic knowledge of Python scripting

For more information about these topics, visit the QRadar SIEM and MaaS360 roadmaps in the Security Learning Academy.


Carbon Black Response - Integrating with IBM QRadar SIEM

This course includes two technical demonstrations that highlight how Carbon Black Response and IBM QRadar SIEM integrate to quickly detect, respond to, and remediate live security incidents. This integration is part of the long-standing strategic partnership between Carbon Black and IBM.

i2 Analyst's Notebook - QRadar Integration

Objective

Learn how i2 Analyst's Notebook QRadar Offense investigator provides integration between QRadar SIEM and i2 Analyst's Notebook.

Duration

2 minutes

Resilient and QRadar Advisor integration topics

Overview

  • Part 1 demonstrates the integration of QRadar Advisor with Watson with Resilient functionality. QRadar with Watson provides artificial intelligence to automatically investigate and provide insights into threat indicators and related entities. Integration with Resilient allows the security analyst to automatically track and enrich incident artifacts and reporting.
  • Part 2 demonstrates how to use Resilient as a workflow automation tool to enhance the analyst's ability to manage the response to the more complex threats that require more than the actions allowed directly from within QRadar.


QRadar and AppScan integration

This course shows you how to integrate a scanner, such as IBM Security AppScan, with QRadar SIEM. This integration can help you correlate vulnerabilities discovered by the scanner with other log sources, such as IBM XGS, to protect your network assets from attacks at the application level.

Building the MITRE ATT&CK Framework into your Resilient Incident Response

The MITRE ATT&CK Framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and services community.

This video provides an overview of the MITRE ATT&CK Framework, followed by a discussion of how IBM Resilient and other IBM Security products use MITRE ATT&CK with a live demonstration and a Q&A.


Using IBM X-Force Indicators of Compromise in QRadar

IBM Security X-Force continuously monitors threats and contributes to the X-Force collections with Indicators of Compromise (IoC). Some of the X-Force collections and threat intelligence data are public and some are premium. To effectively search and discover malicious activity in your organization based on X-Force threat intelligence, you can use the "Am I Affected" feature. To continuously and proactively monitor IBM Security QRadar events and receive X-Force threat intelligence data, install and configure the free Threat Intelligence app from the IBM Security App Exchange. This video describes those integrations that use the X-Force threat intelligence data related to malicious threats associated with the COVID-19 pandemic.


Protect against ransomware using Guardium Data Encryption and QRadar

This video presented by Jose Bravo discusses a technique to use Guardium Data Encryption and QRadar to help protect against ransomware.

IBM Security Secret Server and QRadar integration

This course demonstrates integration between IBM Security Secret Server and IBM Security QRadar SIEM. You use Secret Server to manage privileged user account activity, which is reported to QRadar in syslog events.

In the course demonstration, syslog CEF logging is enabled in Secret Server, and QRadar is configured to parse and normalize the events that are received from Secret Server. As part of the course, a custom content extension is provided, which contains over 170 mapped events from the Secret Server. In addition, the extension has one custom rule, two reference sets, two custom search queries, and one log source type named SecretServer_SLA.
The purpose of this custom extension is to show how Secret Server can help you investigate some critical activities.


Giving QRadar SOAR Capabilities with CP4S

In this video, Jose Bravo demonstrates the value that Cloud Pak for Security (CP4S) brings to a QRadar environment. Jose will demonstrate an attack on a Windows system and how QRadar recognizes an offense has occurred and triggers CP4S to take automated remedial action.