

Course Search Results

Found 132 courses tagged with "Hands-on Lab Course".

This video and hands-on lab provide a real business user experience by guiding you through tasks typically performed by a line-of-business manager who uses IBM Identity Governance and Intelligence (IGI) to manage access for his team members.

In this lab, you learn how to create and deploy complex automation sequences by using automation plans. You deploy an automation plan to perform the installation of a two-tiered web application. You also learn how to use server automation content to create and manage virtual machines in a VMware environment.

NEW

In this self-paced course, you take a deep dive into the foundations of the IBM QRadar Application Framework components and learn how they are managed within QRadar.

 

This course demonstrates how IBM i2 Enterprise Insight Analysis (EIA) and IBM i2 Analyst's Notebook can enrich the analysis of an IBM QRadar offense by curating and importing data from several disparate sources into the EIA Information Store. In this use case, data from multiple sources is imported into i2 Analyst's Notebook where you use link analysis to uncover connections and networks among different entities as well as behavior patterns.

Among the topics that you will cover in this course are:

  • Using the Offense Investigator app to bring a QRadar offense into i2 Analyst's Notebook (ANB) and expanding on an offense
  • Connecting to EIA from i2 Analyst's Notebook to find data using the Search and Visual Search tools from the Home toolbar
  • Using Expand and Expand with Conditions to bring linked items from the EIA Information Store into an ANB chart to visualize connections
  • Using i2 Analyst's Notebook analysis tools and the Analyze toolbar features like Search, List Items, Bar Charts and Histograms, Find Connecting Network
  • Bringing data from multiple sources into one analytical investigation to shut down security breaches and to find out who is behind them and why

Application administrators can use IBM® Privileged Identity Manager for Applications (App ID) to remove hard-coded and unsafely stored credentials from applications, Windows services, scheduled tasks, and scripts. The App ID feature can also be used to manage the credential entitlements, track the use of each credential, and automate periodic password changes.

The App ID toolkit is provided to register applications and to allow different types of applications to get credentials that are managed by IBM Privileged Identity Manager (PIM).

This lab has two sections that are independent of each other. The first part teaches you how to administer credentials for custom scripts using PIM V2.1. In the second part, you learn how to administer credentials for Windows services and scheduled tasks.


The Guardium Vulnerability Assessment application enables organizations to identify and address database vulnerabilities in a consistent and automated fashion. The assessment process in Guardium evaluates and recommends actions to improve the health of your database environment. In this lab, you learn how to configure and run a database vulnerability assessment.

You can develop custom applications by using the REST application programming interfaces (APIs) that come with IBM Privileged Identity Manager. The REST APIs are available so that you can administer the tasks outside the user interface.

In this lab, you learn how to call IBM Privileged Identity Manager (PIM) V2.1 Rest APIs using IBM Directory Integrator (IDI). You use IDI to call two PIM Rest APIs: Search users and Update a user. The main actor in this scenario is PIM user Irene Novak. Irene receives shared ID access after successful Rest API calls.


IBM Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort.

In this 30 minute course, you will clone a Guardium query. You will customize the fields and conditions of this query, then generate a report from this new query.

This video demonstrates the weaknesses of SNORT pattern-matching signatures as compared to the IBM Protocol Analysis Module (PAM) engine when the original exploit is modified. For the purpose of the demonstration, you use the Metasploit Framework and the vulnerability described in CVE-2013-0422. In the second video, the same SNORT issue is demonstrated using CVE-2012-0507.

In this two part lab, you learn how to configure MaaS360 Cloud Extender’s Certificate Integration module to integrate with a Microsoft CA to provision identity certificates for mobile devices. After you set up the Certificate Integration module, you configure the Enterprise Gateway module to use identity certificates for authentication.

In these exercises, you configure Transport Layer Security (TLS) (also known as SSL) communication between IBM Directory Server and IBM Directory Integrator.

The Advanced Access Control (AAC) functionality of IBM Access Manager is not enabled by default. The AAC module must be purchased and activated to enable this functionality. This lab provides procedures to activate and configure the Advanced Access Control module.
The Access Manager appliance has a built-in live mobile demonstration application that is useful for demonstrating the AAC use cases. This lab also covers the steps to enable the live demo application.

Course revision - 1.0

SEC9764


IBM Access Manager provides an OAuth 2.0 token introspection endpoint to support the functions specified in RFC 7662. OAuth clients can use this endpoint to query the OAuth authorization server and request details about the access tokens issued by the server, for example, to determine whether a token is still active or to access additional information about the token.
This lab demonstrates how to configure and use the OAuth 2.0 token introspection endpoint.

Certification campaigns are a formal process that automates the periodic review of a given relationship. They enable critical access decisions by nontechnical line of business managers.
IGI supports five different certification campaign types.

  • User assignment - Review individual user entitlements
  • Organization unit assignment - Assess where entitlements are visible
  • Risk violation mitigation - Review unmitigated risk violations
  • Entitlement - Examine the contents of each entitlement
  • Account - Review account access for target applications under management

Certification campaigns are created and configured by the IGI Administrator in Access Governance Core, and then executed by reviewers, using the Service Center.
This lab lets you practice a complete and fully functional user assignment certification campaign.

This lab demonstrates steps to configure the Access Manager reverse proxy to redirect the authentication process to an EAI application.

In this lab, you configure HTTP transformation rules to modify HTTP requests and responses passing through the reverse proxy junctions.

The Federated Directory Server (FDS) admin console provides synchronization services from one or more source systems to the target directory. The Directory Server instance that runs on the virtual appliance is the default core centralized or target repository for Federated Directory Server. This lab guides you through the configuration of an FDS that uses an LDIF file as a source. This is done through the FDS admin console.

QRadar SIEM comes already configured to prepare raw events from the most common software and network devices for event correlation. In this lab, you use the DSM Editor to configure QRadar SIEM to parse, normalize, name, and categorize events from an uncommon source.

NEW

IBM Access Manager Version 9.0.4 provides new features and extended functions for OpenID Connect (OIDC). The configuration and management tasks for the OIDC Providers and Relying Parties are enhanced. You configure the OIDC Provider through the API Protection interface. Relying Party federations use a new federation wizard that supports capabilities that comply with the OIDC specifications.
This lab demonstrates how to set up the OpenID Connect federation using IBM Access Manager 9.0.4. The lab provides two AM appliances: iam1 and iam2. The iam1 appliance is used as an OpenID Connect Provider (OP) and the iam2 appliance acts as a Relying Party (RP). The live mobile demo application running on the Relying party appliance is used for verifying the federation capabilities.

Version 1.0

IRLP code: SEC9604

NEW

This course provides a lab setup and step-by-step instructions on how to set up the SAML 2.0 federation using IBM Access Manager. You configure one of the Access Manager appliances as a SAML 2.0 Identity Provider and another one as a SAML 2.0 Service Provider.

The built-in demo application running on the Service Provider appliance is used to verify federation.

In this lab, you configure Access Manager V9.0.3 to facilitate authentication to the WebSphere Liberty application using JSON Web Tokens (JWT).


This lab provides a sample configuration that enables a Liberty application to authenticate and authorize against the Access Manager LDAP user registry using an LTPA cookie.

You use the Privileged Session Gateway feature in IBM Privileged Identity Manager (PIM) to securely administer SSH-based resources through a web browser without installing client applications such as Putty, RDP, or Privileged Access Agent on your workstation. You can initiate, list, and end SSH sessions using the PIM Self Service web console. The privileged identity sessions are recorded using the PIM session recorder for auditing, security forensics, and compliance.

In this lab, you learn how to configure and use the Privileged Session Gateway feature in PIM V2.1. You first deploy the privileged session gateway image on the Docker host and specify the location of the gateway image in the PIM appliance console. Then, you log on to the PIM Self-service web console, check out a privileged credential for an SSH-based Linux system, and connect to the terminal shell session on the system. You also play back the session using the privileged session recorder.


This lab provides a brief introduction to IBM Access Manager V9 Platform administration. You learn how to configure and use the IBM Access Manager V9.0.3 Platform module for web access management.

In this lab, you set up an Active Directory as a Federated directory. Then, you configure the Active Directory users as Basic users in Access Manager.

This lab covers how to use user certificates issued by a trusted authority for client certificate authentication. It also demonstrates step-up authentication using a client certificate as a second level of authentication.

In this lab, you will build the reverse proxy junctions and use various options to pass identity information through headers.

IBM Access Manager supports device fingerprinting to allow tracking of a user across multiple devices and browsers.
This lab provides steps to configure Advanced Access Control policies to register a client device or browser using a one-time password (OTP) sent to a user's email address.
The user is allowed access once OTP verification is complete.
The lab demonstrates silent and consent-based device registrations. It also covers how administrators and end users can manage device fingerprints.

Version 1.0

Duration: 1 hour 30 minutes

IRLP code: SEC9753

In this lab, you learn how to implement context-based access (CBA) using FORM (POST) parameters. You configure an access policy that detects high-value transactions based on a certain POST parameter in a web form and prompts for step-up authentication. The step-up authentication requires the users to provide a counter-based HMAC one-time password (HOTP).

You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

In this lab, you learn how to implement context-based access for a mobile application using REST (JSON) parameters. You configure an access policy that detects high-value transactions using a certain attribute in the JSON payload and prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP).
You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

In this lab, you create a replication topology. You do this by creating and configuring directory server instance idspeer2, which serves as a second master in the peer-to-peer replication (the first master is idspeer1). You also create and configure a standalone instance idsalone that will be a forwarder from idsrepl1 and a partial replica of the o=sample subtree.

Guardium Data Security policies help flag suspicious database activity. By configuring policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units.

In this lab, you create a policy with rules to discard trusted activity and to flag untrusted activity.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.

Using IBM Guardium, you can create policies to monitor access to unstructured data, such as that found in files, as well as structured data, such as that found in databases. In this lab, you learn how to create and install policies to monitor files. Then you modify the FAM policy and add a rule that prevents a group of users from copying a file.

IBM Guardium gathers a large amount of data about your database environment. Queries probe this data, while reports display this data in an easily viewable format.

In this lab, you will create a simple query and a report based on that query.

This hands-on lab is targeted towards Guardium users and administrators who create and maintain reports. It will take approximately 30 minutes to complete.


Guardium 10.1.4 provides a new group builder application, which provides powerful tools for populating group members and allows you to see which resources use a given group.

In this exercise, you learn how to build and populate Guardium groups.

This hands-on lab is targeted at IBM Guardium users and administrators who need to create and maintain groups. The lab will take approximately 30 minutes to complete.

In this lab, you build an IBM Security Directory Integrator change detection solution. This is an AssemblyLine that reads a CSV file, then uses the SDI delta mechanism to propagate changes into an IBM Security Directory Server LDAP and keep LDAP users’ data up to date. You run the AssemblyLine a number of times in order to explore different change detection use cases.

Guardium Data Security policies help flag suspicious database activity and events.

In this lab, you create a policy with rules to flag events where a database user has failed multiple login attempts within a short period of time.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.


Overview

For each incoming event and flow, QRadar SIEM evaluates rules to test for indicators that suggest an attack or policy violation. In this lab, you learn how to create custom rules, building blocks, custom event properties, and a reference set to detect an example suspicious activity.


Objectives

  • Create and use custom event properties
  • Create and use a reference set
  • Add tests to new custom rules and building blocks
  • Leverage function tests
  • Configure rule actions and responses


Duration

1 hour


Course Version

1.0


SEC9766


In this lab, you create an IBM Security Directory Integrator AssemblyLine that generates a report for each user from IBM Security Directory Server who is a member of the LDAP group. The LDAP groups included in the report are determined based on the value of the external property.

IBM provides comprehensive data encryption capabilities to help protect your data wherever it resides: on-premises, in the cloud, in multiple clouds, or in hybrid environments. This session will focus on IBM Multi-Cloud Data Encryption, specifically for cloud and hybrid data protection. Learn how to configure policies for file and folder encryption, as well as how to deploy agents to encrypt and decrypt data.

Presented by:

  • Rinkesh Bansal, IBM

IBM BigFix Compliance enforces continual security compliance throughout your organization for all managed endpoints across the corporate network. BigFix enforces continuous configuration compliance with security and regulatory policies on every endpoint including out-of-the-box support for PCI-DSS, DISA STIG, and more.

This lab addresses compliance through the creation of custom check lists, check list deployment, compliance review, and remediation of non-compliant systems. Compliance Analytics is also addressed through the use of operational tasks, in-depth reporting and customization, remediation, exception determination, and the provisioning of users and roles.

This video demonstrates the API used to send the web services calls that generate the Advanced Threat Protection (ATP) type of security event alerts. This video is part of the XGS Advanced Topics course (IS680). It represents exercise five in Unit 06.

The IBM Security App Exchange is a collaborative platform that can help integrate and utilize the collective knowledge of security professionals through code sharing. The App Exchange offers enhancements and integration between IBM Security products, and can include other security vendors, such as Trend Micro, Cisco, Qualys, and so on.
The majority of the security integration offerings today are available for the IBM® QRadar® product line. The IBM Security App Exchange provides an expanded hub of QRadar content. IBM QRadar provides a RESTful API that allows access to the QRadar resources and data.

This lab guide demonstrates the tools that can help you to develop new apps for QRadar. You can use two types of tools for your app development:

  • QRadar App Editor
  • QRadar SDK

The labs use IBM QRadar Community Edition, or IBM QRadar CE.


This course teaches you how to take advantage of the information posted on the IBM X-Force Exchange (XFE) platform by using the API, the curl tool, and the Python language.

The course also demonstrates integration between XFE and QRadar SIEM using XFE SDK and direct integration or Threat Intelligence Application and TAXII endpoints.


Objectives

  • Learn how to leverage the X-Force Exchange API, curl tool, and Python scripts to pull threat data from the X-Force Exchange platform
  • Install the Threat Intelligence app in QRadar SIEM
  • Test the API using online documentation
  • Use curl commands and the X-Force Exchange API documentation to simulate browser requests
  • Write a Python script that uses X-Force Exchange API code
  • Use TAXII feeds, collections, and the QRadar Threat Intelligence app to integrate the X-Force Exchange API and QRadar SIEM
  • Configure threat data feeds to monitor and detect ransomware outbreaks

Application programming interfaces (APIs) can greatly increase the functionality of the IBM Network Protection (XGS) appliance. In this course, you learn about the structure of the XGS appliance and how to use APIs that send management commands and APIs that send alerts to communicate with the appliance. This unit describes general web services commands or methods and how to create them using the cURL utility. You also learn to use the web services API to manage the appliance. Finally, you learn about using APIs to send alerts to third-party advanced threat protection (ATP) agents.

In production environments, it is not uncommon for enterprise firewall rules to be put in place that accidentally step on another team’s requirements, or for desktop clients to be updated and close ports that were once open. This exercise simulates a network change that disrupts some endpoint management services by re-enabling the Windows firewall and disabling specific rules.  It also walks you through troubleshooting methods to identify such communication outages.

In this scenario, managed clients that are successfully registered and managed are no longer updating in the Console. In this lab, you will force the environment to fail, generate updates for the endpoints, diagnose why the clients are not updating, and remediate the issue.

In this lab, a patch is deployed to clients but fails on a specific client. Once investigated, it appears that the file used by the patch exists in the download cache on the server, but is corrupted. You will replace the corrupted patch and verify that BigFix applies it.

In this lab, you use the IBM BigFix Patch content to assess the number and types of patches that are required in the enterprise. You apply a Windows security patch and then roll back that patch.

In this scenario, it is determined from practical use that the BigFix server that has license updates, subscribed sites, and content within those sites is no longer able to update content. You check various aspects of the server and its connectivity to determine the root cause.

IBM Directory Integrator (IDI) is a generic data integration tool suitable for a wide range of scenarios that usually require custom coding and significantly more resources than traditional integration tools. In this lab, you learn how to create an AssemblyLine that reads a CSV-formatted file and logs the information in the IDI console.

IBM Directory Suite is provided as a virtual appliance (virtual machine). A virtual appliance is a pre-configured virtual desktop environment. In this lab, you explore the IBM Directory Suite graphical management interface, also known as the LMI (Local Management Interface), and the command-line interface (CLI).

This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®.  QRadar SIEM collects the logs from various devices in enterprise networks.  The logs are received through connectors called Device Support Module (DSM).  QRadar has a DSM for Guardium. That DSM enables QRadar to receive and process logs from Guardium.

Alternatively, Guardium has an API that provides an option for QRadar to react to certain events that it detects and send Guardium commands that adjust the database policy in response to the event. For example, if QRadar detects that a source IP from an internal network is communicating with an IP address classified as the Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address. The call from QRadar to Guardium can be done using the Custom Actions feature of QRadar or using IBM Security Directory Integrator® (IDI), which acts as the proxy, transforming various events from QRadar into Guardium API calls.

This IDI solution uses custom developed code that IBM provides as-is without any support and maintenance commitments. You can download the code from the Security Learning Academy in the Additional Resources section of this course.


In this lab, you learn the fundamental administrative tasks to set up a MaaS360 portal account to manage an organization's bring your own device (BYOD) and corporate-owned mobile devices. The first portal account that you create is a service administrator account that has all the access required to configure MaaS360 for your organization. There are also exercises to enroll devices.

This lab targets administrators who must configure IBM MaaS360 to manage and secure mobile apps. You learn how to use MDM policies and compliance rules to enforce application compliance. Application compliance can include restricting mobile apps, requiring mobile apps, and whitelisting mobile apps on managed devices. You also learn how to build an enterprise app catalog and distribute apps to mobile devices.

In addition to MDM controls for mobile apps, MaaS360 provides comprehensive data loss prevention controls for the content mobile apps access, using WorkPlace Persona policies. In these exercises, you learn how to configure WorkPlace Persona policies to restrict data leaks from enterprise apps that are wrapped with MaaS360 WorkPlace policies.

In this lab session, you learn how to use the MaaS360 portal workflows to support a mobile enterprise.  As a help desk administrator you might have access to all MaaS360 workflows or a subset of workflows based on your access roles. In the lab, you learn how to set up and use key configurations such as security policies, compliance rules, enrollment requests, and device groups. You use workflows such as apps and docs to push content to devices, and then use device inventory and actions to manage devices.  In order to understand how users enroll and use the MaaS360 app on devices, you enroll an Android device in MaaS360.

In this lab session, you learn how to use the MaaS360 portal workflows to support a mobile enterprise.  As a help desk administrator you might have access to all MaaS360 workflows or a subset of workflows based on your access roles. In the lab, you learn how to set up and use key configurations such as security policies, compliance rules, enrollment requests, and device groups. You use workflows such as apps and docs to push content to devices, and then use device inventory and actions to manage devices.  In order to understand how users enroll and use the MaaS360 app on devices, you enroll an iOS device in MaaS360.

The tasks in these exercises demonstrate how IBM Network Protection Manager (NPM) is used to monitor the registered XGS agents in your network. The main features this product offers are: the ability to search and filter information related to agents, policies, and signatures; apply policy changes directly to the agents; and verify the agents’ status.

This lab shows how to navigate the SiteProtector Console and how to identify key components such as views, menus, and resources.

In this lab, you will use IBM i2 Analyst's Notebook to customize person entities using substitution files in the import specification.

In this course, you will learn about ingesting data into the i2 Analyze Information Store. This covers how to populate staging tables, how to create a mapping file, and how to run the data ingestion command.

Data that is stored within IBM i2 Analyze is secured on a need-to-know basis. The security model allows you to determine the type of access that groups of users will get.

An IBM i2 Enterprise Insight Analysis (EIA) system comprises a number of components that you must configure before data can be ingested. Staging tables have to be created and mapping files need to be defined in order to ingest data into the Information Store. EIA comes with example files and data to assist with these tasks, as well as ingestion commands to get data into the Information Store.

This is a standalone lab that walks you through the exercises needed to manually import data into iBase and search for that data via the Base Connector.

As part of an IBM i2 Analyze deployment, a Connector Creator provides a mechanism for providing users with access to external data. The external data becomes available in the Intelligence Portal in a new tab that users can select and interact with as well as customize. This lab will introduce you to the Connector Creator, its components, and the installation process.

i2 Enterprise Insight Analysis (EIA) is an enterprise intelligence analysis solution that facilitates information sharing and intelligence production. This course will cover the deployment of an EIA product, specifically the process of updating and deploying a custom schema.

You will also learn how to edit or update an existing schema using the Schema Designer. This course will also walk you through the process of ingesting data in the EIA Information Store from an external data source.

In this course, you will deploy IBM i2 Analyze, which is part of the Enterprise Insight Analysis (EIA) solution. i2 Analyze provides the collaboration and search services in EIA.  You will create an example Opal deployment that includes the Information Store that is connected to use the i2 Analyze Opal services. After you deploy the Information Store, you can access the data that it contains by using Analyst's Notebook Premium (ANBP).  You will also learn to configure Quick Search and Visual Query.

i2 Enterprise Insight Analysis (EIA) is an enterprise intelligence analysis solution that facilitates information sharing and intelligence production. This course will walk students through an example implementation of how data from an external source, in this case QRadar, can be extracted, transformed, and loaded into i2 Enterprise Insight Analysis (EIA).

This course is intended for users who want to programmatically extract data on demand from the QRadar Ariel database and add it to the i2 EIA Information Store.

As part of an IBM i2 Analyze deployment, an iBase connector provides a mechanism for providing users with access to an IBM i2 iBase database. The database becomes available in the Intelligence Portal as a data source that users can select and interact with.

There are two reasons for integrating iBase with a deployment of i2 Analyze. One reason is that you already have an iBase deployment, and you want to retain your data and your data model as you upgrade or migrate to i2 Analyze. The other reason is that you already have a deployment of i2 Analyze 4.1, and you want to use iBase as a way to ingest data from other data sources.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab. The elab will be available for 4 hours of runtime, so be sure to set aside enough time to complete the lab in one sitting. You will only have access to the lab for a 5 day period from when you start the lab.

SEC9765

Identity Governance and Intelligence enforces segregation of duties (SoD) checks, based on relationships established between the Business Activities (BA) layer and the Role-Based Access Control (RBAC) model.

Companies invest in roles to better model “who-can-do-what”, while auditors do not trust roles; they trust user permissions and assignments. Except for simple scenarios, the number of permission and role combinations to review becomes unmanageable quickly. In this scenario, it is difficult to conduct SoD analysis using roles.

This video and lab demonstrate how Identity Governance and Intelligence enforces segregation of duties (SoD) checks, based on relationships established between the Business Activities (BA) layer and the Role-Based Access Control (RBAC) model.

IBM Identity Governance and Intelligence (IGI) is a network appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

IGI has a robust and intuitive user interface, divided into two areas. Administration Console is reserved for administrators. Service Center is where the applications for business users are contained.

This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface. Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional copy of IGI with more than 2300 sample user records.

In the IBM Identity Governance (IGI) and Intelligence data model, an entitlement identifies a structured set of permissions. Permissions grant to users accesses the resources of an organization. Permissions often have obscure names that make it difficult to understand what they really represent. For these reasons, permissions are grouped into named roles in IGI.

IBM Identity Governance and Intelligence offers a number of approaches for role management, role definition, role consolidation and role mining.

In the role definition approach, the administrator defines a role based on existing knowledge of what that role should contain, simply by adding permissions and other roles. In role consolidation, you replace a set of common entitlements with a more easily understood role. In role mining, you search for prospective roles in the business organization by seeing what entitlements have already been assigned to users in similar roles, leveraging the advanced role mining features of Identity Governance and Intelligence.

This video and lab guide you through the approaches that IGI offers for role management.

In this lab, you will learn how to deploy a test environment that integrates IBM MaaS360 and IBM Cloud Identity Essentials with a third-party SaaS (cloud) application.

Directory Server is now a part of the Directory Suite, and the instance of the Directory Server runs on the Appliance. This lab explains how to populate the Directory using an LDIF file. It shows how to upload the LDIF file into the Appliance through the Local Management Interface (LMI), and then import the data into Directory Server using the command-line interface (CLI).

This course guides you through the design, installation, and configuration phases of SiteProtector. You learn how to plan your installation depending on the size of your organization and the correct steps to perform a successful installation. You are also shown an overview of the SiteProtector appliance. We will show you how to begin navigating the SiteProtector Console and how to perform one of the first tasks of a Security Administrator on a new installation: organizing your network assets.

This lab provides insight into the initial deployment of a BigFix Platform infrastructure that lacks an Internet connection, also referred to as an airgapped server, and its integration with an LDAP server. As part of the installation, you deploy the server components onto a Red Hat Enterprise Linux server with its local supporting DB2 database server, install two Windows clients and a SUSE client, and learn the basics of operator account management.

The Enterprise Gateway is a downloadable module of the MaaS360 Cloud Extender that provides secure access to behind the firewall resources from mobile devices. The Enterprise Gateway works hand in hand with the MaaS360 Secure Mobile Browser and MaaS360 SDK-enabled apps, which include the MaaS360 App itself. In this lab, you configure the Enterprise Gateway module to provide secure access to intranet sites and Windows Files Share. You configure WorkPlace Persona policies to enable the Secure Mobile Browser and Enterprise Gateway access. You also learn testing and troubleshooting techniques in this lab using the MaaS360 portal and mobile devices.

The MaaS360 Cloud Extender is a lightweight software module that you install in your environment. You use the Cloud Extender to integrate MaaS360 with your behind-the-firewall corporate resources. In this lab you set up the MaaS360 Cloud Extender to integrate with Active Directory (AD) using LDAP. You configure the User Authentication module to support self-service enrollment so that device users can enroll in MaaS360 using their corporate credentials. You configure the User Visibility module to import users and groups into MaaS360 from AD. You can use these users and groups to assign policies and distribute corporate content. Taking advantage of an existing directory service eliminates the need for administrators to create local users and groups in MaaS360. You also learn testing and troubleshooting techniques in this lab using the MaaS360 portal and mobile devices.

This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structured data. The solution provides a custom-developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.

The integration goal is to use IBM Guardium to identify GDPR-sensitive data in a provided sample database. Guardium then exports a report that contains users who have access to tables with GDPR-relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.

The course provides a lab environment where the integration can be tested and demonstrated.

Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab.

The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.

In this lab, you learn how to configure MaaS360 to integrate with Google Accounts Enterprise in order to enable and manage Android for Work Profile Owner (PO) devices in MaaS360. You configure the service and deployment settings in the MaaS360 portal, review Android for Work policy configurations, and approve Google work apps to be distributed through MaaS360. You also generate an enrollment request for Android for Work devices, enroll in MaaS360, and activate Android for Work PO on a device.

IBM MaaS360 is a comprehensive mobile management and security solution for devices, applications, and content. In this module, you learn how to set up a MaaS360 organization account using the MaaS360 portal. You learn to navigate the portal and use portal workflows to complete account configuration and begin managing your mobile enterprise. Duration: 3 hr 40min (Lecture), 90 min (Exercises)



In this advanced lab, you learn how to configure Advanced Laptop and Desktop management services. You manage and distribute Windows patching and app updates for Windows 7 and Windows 10 devices using MaaS360's Unified Endpoint Management capabilities powered by both MaaS360 and BigFix in the IBM Cloud. You learn how to configure settings and review collected data to ensure your devices are secured against risk, threats, and vulnerabilities.

IBM MaaS360 is a comprehensive mobile management and security solution for devices, applications, and content. In this module, you learn how to use MaaS360 to manage and secure the mobile apps for your enterprise. You learn how to build an enterprise app catalog using the MaaS360 portal and distribute the app catalog to mobile devices. Duration: 1hr 15min (Lecture), 1 hr (Exercises)

In this training, you learn about the Cloud Extender Certificate Integration module that you can use to integrate cloud- and on-premises-based certificate authorities with IBM MaaS360 for advanced authentication schemes.

In this training module, you learn how to integrate MaaS360 with corporate resources using the Cloud Extender’s Enterprise Gateway module.


In this training module, you learn how to integrate MaaS360 with Active Directory and LDAP based corporate directory services to leverage your existing authentication infrastructure.


In this training module, you learn how to integrate MaaS360 with Active Directory and LDAP based corporate directory services to leverage existing corporate directory users and groups for policy assignment, content, and app distributions.

IBM MaaS360 is a comprehensive mobile management and security solution for devices, applications, and content. MaaS360 supports both single-customer organization accounts and multitenant hierarchy accounts. Hierarchy accounts enable IBM Business Partners to cobrand and manage the MaaS360 service for many tenants. This module provides an introduction to the MaaS360 multitenant architecture and supported hierarchies for various delivery models that can be exploited by service providers, resellers, and distributors. You learn how to set up a multitenant hierarchy account, navigate the portal using a hierarchy account, and provision and manage your tenants. Duration: 2 hours


IBM MaaS360 Operations and Troubleshooting describes the common administration tasks that should be considered by administrators responsible for supporting the operation of an IBM MaaS360 mobile enterprise. In addition, there are troubleshooting techniques that administrators and support can use to aid in problem determination. The end user portal features are described and demonstrated to help organizations understand how users can take advantage of self-help actions to alleviate help desk and support calls. Finally, there are Frequently Asked Questions (FAQs) in the course guide. The FAQs are not recorded but they are available in the course guide because it’s expected they will be updated frequently. The module includes recorded lecture, demonstrations, and a student guide.

IBM MaaS360 is a comprehensive mobile management and security solution for devices, applications, and content. This module explains MaaS360 product capabilities, architecture, and integration points. You learn how to scope, plan, and evaluate deployment strategies for your enterprise mobility implementation.

Duration: 2 hours lecture, 1 hour exercises

In this module, you learn the MaaS360 Productivity Suite features that can be used to protect your organization’s corporate content on mobile devices. You learn how to configure services and security settings in the MaaS360 portal with a focus on the WorkPlace Persona policy. You also learn how to build a Content Library and distribute content to devices. Duration: 70 min (Lecture), 60 min (Exercises)

In this course you learn how to implement MaaS360 Unified Endpoint Management (UEM) for Windows devices, using modern API management. You learn how to configure services and enroll Windows 10 devices, configure Windows MDM policies, build and distribute a MaaS360 App catalog with Windows apps, and create MaaS360 alerts and configure compliance rules.

In this lab, you explore how to use IBM BigFix Lifecycle to manage your computers through their entire lifecycle. You use multiple Lifecycle applications during these exercises including asset discovery and inventory, software distribution, and remote desktop control.

The lab gives an overview of the available APIs that can be used to manage IBM Security Network Protection and send alerts to it.

IBM MaaS360 is a comprehensive enterprise mobility platform. With MaaS360, IT departments can deliver end-to-end security and management for applications, documents, email, and devices. It provides employees with secure access to corporate resources and information from their mobile devices, without compromising the user experience, data security, or privacy. MaaS360 simplifies the process by providing everything that you need to securely manage all your mobile assets from an on-demand, intuitive portal.

In this lab session, you learn how to manage mobile devices with MaaS360 and enhance mobile user security and productivity. This lab is a basic introduction to managing Android mobile devices with MaaS360. If you are a mobile security administrator or mobile security consultant, there are several in-depth training courses on the IBM Security Learning Academy that you can take to broaden your MaaS360 skills.
Note: Download the MMS_Labfiles.zip file to your desktop and extract the files. The files are required to complete the lab.

IBM MaaS360 is a comprehensive enterprise mobility platform. With MaaS360, IT departments can deliver end-to-end security and management for applications, documents, email, and devices. It provides employees with secure access to corporate resources and information from their mobile devices, without compromising the user experience, data security, or privacy. MaaS360 simplifies the process by providing everything that you need to securely manage all your mobile assets from an on-demand, intuitive portal.

In this lab session, you learn how to manage mobile devices with MaaS360 and enhance mobile user security and productivity. This lab is a basic introduction to managing iOS mobile devices with MaaS360. If you are a mobile security administrator or mobile security consultant, there are several in-depth training courses on the IBM Security Learning Academy that you can take to broaden your MaaS360 skills.
Note: Download the MMS_Labfiles.zip file to your desktop and extract the files. The files are required to complete the lab.

In this lab, you become familiar with the Guardium interface. You also learn how to classify data in your database environment. You create a new classification policy that searches for credit card numbers and populates the Sensitive Objects group with the table name and column name for each detected incident.

IBM Security QRadar includes rules that detect a wide range of activities, including excessive firewall denies, multiple failed login attempts, and potential botnet activity. You can also create your own rules to detect unusual activity. Custom rules customize default rules to detect this suspicious activity in your network.

Use IBM QRadar Apps to extend and enhance your current QRadar deployment with new data and ready-to-use use cases. A QRadar app is a means to augment and enrich your current QRadar system with new data and functionality. You can download and install other shared apps that are created by IBM, its Business Partners, and other QRadar customers.

This lab walks you through exporting get_logs from:

  • QRadar SIEM's user interface, or
  • the QRadar server.
get_logs collects logs so that you can troubleshoot issues on your own or provide them to IBM QRadar Support for assistance with troubleshooting issues.

Overview

These labs walk you through advanced troubleshooting for the QRadar software and architecture.

In this set of labs, you will learn how to enable debug logging and how to obtain disk space and environment information.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab.


Objectives

  • Enable and disable debug logging
  • Obtain disk space and environment information

Duration
45 min

Course Revision
1.0

Overview

These labs walk you through advanced troubleshooting for the QRadar software and architecture.

In this set of labs, you will learn how to get processing statistics from the Custom Rules Engine (CRE), determine which processes are using the most QRadar resources, and create roll-up values for time series graphs.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab.


Objectives

  • Troubleshoot processing issues by using scripts that let you get processing statistics from the CRE and find out which processes are using the most QRadar resources.
  • Troubleshoot issues with accumulated data, which is used by reports and by the time series graphs used in the Dashboard, Log Activity, and Network Activity for aggregated searches.

Duration
45 min

Course Revision
1.0

Overview

These labs walk you through advanced troubleshooting for the QRadar software and architecture.

In this set of labs, you will learn how to configure a Device Support Module (DSM) for an unknown log source.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab.


Objectives

  • Configure the DSM for an unknown log source by using the QRadar console.

Duration
60 min

Course Revision
1.0

This lab instructs you on how to discover web application security vulnerabilities using AppScan Enterprise's dynamic scanning agent.


This lab guides you through running your first scan with AppScan Source. You will learn how to configure a scan, review the results, and generate reports.


This lab guides you through running your first AppScan Standard scan. You will learn to configure your scan, read the results, and generate reports from the scan.

This lab covers the following three main OAuth 2.0 workflows supported by IBM Access Manager: Authorization code, Implicit grant, and Resource owner password credentials (ROPC).

In this lab you learn how to manage and secure Windows 10 devices using MaaS360 Unified Endpoint Management capabilities and MDM APIs.

In this lab, you use ACLs, POPs, and authorization rules to control access to the web content.

This lab covers the cluster setup configuration for IBM Access Manager. In this lab, you learn how to set up a cluster environment for IBM Access Manager, including these tasks:

• Configure the system runtime environment on the machines in the cluster

• Configure reverse proxy settings on the machines in the cluster

• Configure the cluster settings


This lab demonstrates how to set up management authentication and authorization for IBM Access Manager. You learn how to configure external authentication and authorization using LDAP. You also verify that the different user groups can authenticate with Access Manager and then test the user’s authorizations.


Version: 1.1

IRLP Code: SEC9742

IBM Privileged Identity Manager (PIM) is a software solution that you use to centrally manage, audit, and control shared identities across your enterprise. Shared identities are accounts that are used by multiple people. Many shared identities are powerful administrative accounts with elevated privileges. Those shared accounts are often called privileged identities. PIM is able to manage all types of shared and privileged identities.

In this lab, you learn how to configure, use, and monitor shared privileged accounts using PIM V2.1. You first set up shared credentials, credential pools, and shared access policies. Then, you use the shared credentials and the privileged session recorder playback console.


The tasks in these exercises explain how the appliance uses the TLS/SSL protocol when traffic is encrypted to enforce network access rules and perform deep packet inspection. The appliance decrypts traffic going from a user-controlled network to the Internet (outbound SSL connection) differently from the traffic coming in from the Internet into a user-controlled network.

The majority of the policies are managed by SiteProtector, except a few where you must use the XGS browser interface called the local management interface (LMI).

Advanced persistent threat (APT) attacks are in the news because attackers use sophisticated techniques to stay stealthy after the initial break-in and usually steal millions of items of confidential and sensitive personal information. These videos describe the anatomy of APT attacks and where in the attack process XGS can be helpful.

In this lab, you learn how to use IBM BigFix Patch to apply patches to Linux based systems across the enterprise through practical, end-to-end, hands-on experience. The exercises in this lab session demonstrate how to leverage the BigFix Patch offering on Linux clients.

In these exercises, you use the IBM BigFix Patch content to assess the number and types of patches that are required in the enterprise. You apply a Windows security patch and then roll back that patch. You also learn how to create patch constraints and offers.

This lab provides a brief introduction to IBM Identity Manager (IIM) 7.0.1.3 administration. You learn how to configure and use IBM Identity Manager for access management. It is suitable for system administrators who manage Identity Manager in an organization.

The lab has three parts. The first part includes administrative tasks such as managing organizational structure, roles, users, services, policies, and approvals. The second part teaches you how to use IIM as an end user to request access and approve the request as a manager. The third part contains Active Directory integration exercises.


The Ariel Query Language (AQL) is a structured query language that you use to communicate with the Ariel databases. You can use AQL to extract, filter, and perform actions on event and flow data that you extract from the Ariel database in IBM Security QRadar. AQL is used for advanced searches to get data that might not be easily accessible from the user interface. This provides extended functionality to QRadar's search and filtering capabilities. In this lab you learn how to utilize AQL for some advanced search tactics inside QRadar SIEM.

Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner.

In this unit, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, or modifying groups.

File activity monitoring (FAM) includes two major components: the first component discovers and classifies files stored in the file system and the second component is the activity monitor. It extracts the security policy from the appliance and enforces it on file activity in real time.

In this lab, you view the settings necessary to perform file access monitoring, create a dashboard and add a file entitlement report, and then perform some file operations to view how the FAM functionality reacts to changes.

IBM Guardium provides tools to discover, classify, and build policies for files.

In this lab, you will use the quick search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This hands-on lab is targeted to IBM Guardium users and administrators who need to create policies to control access to files which contain sensitive information.

This lab provides a use case describing how companies can use Security Identity Manager self-service to request access to the Internet. The access is controlled with IBM Security Network Protection, and Security Directory Integrator is used as the glue to manage user and group membership on the IBM Security Network Protection appliance from Security Identity Manager.

Course Code: SEC9882

Attacks and policy violations leave their footprints in log messages and network flows of your IT systems. In this lab you learn how QRadar SIEM helps you to minimize the time gap between when a suspicious activity occurs and when you detect it.

To prevent security breaches, QRadar Vulnerability Manager helps your organization detect and evaluate vulnerabilities of your IT systems. In this lab, you learn how to scan for vulnerabilities and how to investigate detected vulnerabilities.

This course demonstrates how the IBM X-Force PAM engine works in the IBM Security Access Manager (ISAM) appliance. The course consists of a how-to lab guide and a set of virtual machines that students can explore on their own time.

This video explains how the IBM XGS product enhances the protection of enterprise networks by leveraging research information from IBM X-Force about IP reputation and geolocation. In part, the demonstration shows how those features can be demonstrated in lab setups that use private IP addresses.

In this lab, you configure IBM Access Manager to generate and use JSON Web Tokens (JWTs) as OAuth Access Tokens rather than the standard opaque random string tokens that the OAuth server uses by default. JWTs are self-contained strings signed with a secret key. They contain a set of claims that assert an identity and a scope of access, reducing the need to go back and forth to the OAuth server to retrieve this information.

In this lab, you build an AssemblyLine that reads LDAP group management members, uses the Attribute Loop component to iterate through managers, gathers more information using an additional LDAP lookup, and writes a report.

In this exercise, you learn how to use Switch/Case components in IBM Directory Integrator AssemblyLine.

The user interface (UI) for IBM Identity Manager (IIM), called the Identity Service Center (ISC), is designed to be an easy-to-use interface for managers and end users who might not necessarily have a strong technical background.

You can use the Identity Service Center console to request access, approve access, manage your profile, delegate your activities, view your requests, change passwords, and reset your forgotten password. The Identity Service Center console is highly customizable. You can customize the graphics, icons, and tasks to meet the needs of your organization.

This lab has two parts. The exercises in the first part describe how to use the Identity Service Center console in IBM Identity Manager V7.0.1.3. The second part teaches you how to customize the Identity Service Center console.


Distributed directories are essential to the successful deployment of IBM Directory Server (IDS). IDS provides a robust set of replication options you can use. In this course, you learn how to create two server instances and configure and test a simple replication.

The lab includes the following exercises:


Prerequisites

  • Intermediate / Advanced working knowledge of Directory Server
  • Experience using Linux

Duration: 1hr 30m


Course version: 1.0

In this lab, you create an AssemblyLine with a File Management connector that reads image files (jpg, png, or gif) from one directory and, based on the type of each file, moves it to the appropriate folder.

A Denial-of-Service (DoS) attack is an attempt to make a machine or network resource unavailable to its users. It causes a loss of network connectivity through bandwidth consumption or an overload of the victim's computer resources. There are many kinds of DoS attacks and they operate mostly at layers 3, 4, and 7 of the OSI model. IBM Security Network Protection (XGS), through its Protocol Analysis Module (PAM), is able to detect many of these attacks by parsing the protocols and monitoring the traffic as it passes through its inspection ports. Based on the behavior of the protocols and traffic, PAM is able to detect a specific event associated with these types of attacks and block it by dropping the offending packets and quarantining the attacker.


Course Code: SEC9860