

Course Search Results

Found 71 courses tagged with "Think 2018".

This video and hands-on lab provide a real business user experience by guiding you through tasks typically performed by a line-of-business manager who uses IBM Identity Governance and Intelligence (IGI) to manage access for his team members.

This course demonstrates how IBM i2 Enterprise Insight Analysis (EIA) and IBM i2 Analyst's Notebook can enrich the analysis of an IBM QRadar offense by curating and importing data from several disparate sources into the EIA Information Store. In this use case, data from multiple sources is imported into i2 Analyst's Notebook where you use link analysis to uncover connections and networks among different entities as well as behavior patterns.

Among the topics that you will cover in this course are:

  • Using the Offense Investigator app to bring a QRadar offense into i2 Analyst's Notebook (ANB) and expanding on an offense
  • Connecting to EIA from i2 Analyst's Notebook to find data using the Search and Visual Search tools from the Home toolbar
  • Using Expand and Expand with Conditions to bring linked items from the EIA Information Store into an ANB chart to visualize connections
  • Using i2 Analyst's Notebook analysis tools and the Analyze toolbar features like Search, List Items, Bar Charts and Histograms, Find Connecting Network
  • Bringing data from multiple sources into one analytical investigation to shut down security breaches and to find out who is behind them and why

In this two-part lab, you learn how to configure MaaS360 Cloud Extender’s Certificate Integration module to integrate with a Microsoft CA to provision identity certificates for mobile devices. After you set up the Certificate Integration module, you configure the Enterprise Gateway module to use identity certificates for authentication.

In these exercises, you configure Transport Layer Security (TLS) (also known as SSL) communication between IBM Directory Server and IBM Directory Integrator.

The Advanced Access Control (AAC) functionality of IBM Access Manager is not enabled by default. The AAC module must be purchased and activated to enable this functionality. This lab provides procedures to activate and configure the Advanced Access Control module.
The Access Manager appliance has a built-in live mobile demonstration application that is useful for demonstrating the AAC use cases. This lab also covers the steps to enable the live demo application.

Course revision - 1.0

SEC9764


IBM Access Manager provides an OAuth 2.0 token introspection endpoint to support the functions specified in RFC 7662. OAuth clients can use this endpoint to query the OAuth authorization server and request details about the access tokens issued by the server, for example, to determine whether a token is still active or to access additional information about the token.
This lab demonstrates how to configure and use the OAuth 2.0 token introspection endpoint.

Certification campaigns are a formal process that automates the periodic review of a given relationship. They enable critical access decisions by nontechnical line of business managers.
IGI supports five different certification campaign types.

  • User assignment - Review individual user entitlements
  • Organization unit assignment - Assess where entitlements are visible
  • Risk violation mitigation - Review unmitigated risk violations
  • Entitlement - Examine the contents of each entitlement
  • Account - Review account access for target applications under management

Certification campaigns are created and configured by the IGI Administrator in Access Governance Core, and then executed by reviewers, using the Service Center.
This lab lets you practice a complete and fully functional user assignment certification campaign.

This lab demonstrates steps to configure the Access Manager reverse proxy to redirect the authentication process to an EAI application.

In this lab, you configure HTTP transformation rules to modify HTTP requests and responses passing through the reverse proxy junctions.

This lab demonstrates how to configure federated single sign-on (SSO) using SAML 2.0 protocol in IBM Access Manager.


Version 1.1

IRLP code: SEC9721

In this lab, you configure Access Manager V9.0.3 to facilitate authentication to the WebSphere Liberty application using JSON Web Tokens (JWT).


This lab provides a sample configuration that enables a Liberty application to authenticate and authorize against the Access Manager LDAP user registry using an LTPA cookie.

This lab provides a brief introduction to IBM Access Manager V9 Platform administration. You learn how to configure and use the IBM Access Manager V9.0.3 Platform module for web access management.

In this lab, you set up an Active Directory as a Federated directory. Then, you configure the Active Directory users as Basic users in Access Manager.

This lab covers how to use user certificates issued by a trusted authority for client certificate authentication. It also demonstrates step-up authentication using a client certificate as a second level of authentication.

In this lab, you will build the reverse proxy junctions and use various options to pass identity information through headers.

IBM Access Manager supports device fingerprinting to allow tracking of a user across multiple devices and browsers.
This lab provides steps to configure Advanced Access Control policies to register a client device or browser using one-time password (OTP) sent to a user's email address.
The user is allowed access once OTP verification is complete.
The lab demonstrates silent and consent-based device registrations. It also covers how administrators and end users can manage device fingerprints.

Version 1.0

Duration: 1 hour 30 minutes

IRLP code: SEC9753

In this lab, you learn how to implement context-based access (CBA) using FORM (POST) parameters. You configure an access policy that detects high-value transactions based on a certain POST parameter in a web form and prompts for step-up authentication. The step-up authentication requires the users to provide a counter-based HMAC one-time password (HOTP).

You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

In this lab, you learn how to implement context-based access for a mobile application using REST (JSON) parameters. You configure an access policy that detects high-value transactions using a certain attribute in the JSON payload and prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP).
You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

In this lab, you create a replication topology. You do this by creating and configuring the directory server instance idspeer2, which will serve as a second master in the peer-to-peer replication. (The first master is idspeer1.) You also create and configure a standalone instance idsalone that will be a forwarder from idsrepl1 and a partial replica of the o=sample subtree.

Guardium Data Security policies help flag suspicious database activity. By configuring policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units.

In this lab, you create a policy with rules to discard trusted activity and to flag untrusted activity.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.

IBM Guardium gathers a large amount of data about your database environment. Queries probe this data, while reports display this data in an easily viewable format.

In this lab, you will create a simple query and a report based on that query.

This hands-on lab is targeted towards Guardium users and administrators who create and maintain reports. It will take approximately 30 minutes to complete.


Guardium 10.1.4 provides a new group builder application, which offers powerful tools for populating group members and allows you to see which resources use a given group.

In this exercise, you learn how to build and populate Guardium groups.

This hands-on lab is targeted towards IBM Guardium users and administrators who need to create and maintain groups. The lab will take approximately 30 minutes to complete.

Guardium Data Security policies help flag suspicious database activity and events.

In this lab, you create a policy with rules to flag events where a database user has failed multiple attempts to log in during a short period of time.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.


Overview

For each incoming event and flow, QRadar SIEM evaluates rules to test for indicators that suggest an attack or policy violation. In this lab, you learn how to create custom rules, building blocks, custom event properties, and a reference set to detect an example suspicious activity.


Objectives

  • Create and use custom event properties
  • Create and use a reference set
  • Add tests to new custom rules and building blocks
  • Leverage function tests
  • Configure rule actions and responses


Duration

1 hour


Course Version

1.0


SEC9766


IBM provides comprehensive data encryption capabilities to help protect your data wherever it resides—on-premises, in the cloud, in multiple clouds, or in hybrid environments. This session will focus on IBM Multi-Cloud Data Encryption, specifically for cloud and hybrid data protection. Learn how to configure policies for file and folder encryption, as well as how to deploy agents to encrypt and decrypt data.

Presented by:

  • Rinkesh Bansal, IBM

A follow-up to John Adams' Open Mic on Full Guardium Appliances, in which John spends time answering audience questions on that and other topics: rebooting the appliance, issues with fixes, vulnerabilities, the Discovery engine, high CPU, and various other issues.

This Open Mic Live session was originally broadcast from Think 2018 on 19-March-2018.

John Adams from Guardium Technical Support delivers this Open Mic LIVE at the 2018 Think conference. Part fire extinguisher, part lifejacket, and part how to avoid getting burned in the first place, the information in this Open Mic will help keep you out of trouble and possibly rescue you in the case of full appliance issues.

Agenda:

  • Introduction
  • Detection
  • First Response
  • Getting to Root Cause
  • Questions & Answers

The IBM Security App Exchange is a collaborative platform that can help integrate and utilize the collective knowledge of security professionals through code sharing. The App Exchange offers enhancements and integration between IBM Security products, and can include other security vendors, such as Trend Micro, Cisco, Qualys, and so on.
The majority of the security integration offerings today are available for the IBM® QRadar® product line. The IBM Security App Exchange provides an expanded hub of QRadar content. IBM QRadar provides a RESTful API that allows access to the QRadar resources and data.

This lab guide demonstrates the tools that can help you to develop new apps for QRadar. You can use two types of tools for your app development:

  • QRadar App Editor
  • QRadar SDK

The labs use IBM QRadar Community Edition, or IBM QRadar CE.


This course teaches you how to take advantage of the information posted on the IBM X-Force Exchange (XFE) platform by using the API, the curl tool, and the Python language.

The course also demonstrates integration between XFE and QRadar SIEM using XFE SDK and direct integration or Threat Intelligence Application and TAXII endpoints.


Objectives

  • Learn how to leverage the X-Force Exchange API, the curl tool, and Python scripts to pull threat data from the X-Force Exchange platform
  • Install the Threat Intelligence app in QRadar SIEM
  • Test the API using online documentation
  • Use curl commands and the X-Force Exchange API documentation to simulate browser requests
  • Write a Python script that uses X-Force Exchange API code
  • Use TAXII feeds, collections, and the QRadar Threat Intelligence app to integrate the X-Force Exchange API and QRadar SIEM
  • Configure threat data feeds to monitor and detect ransomware outbreaks

In production environments, it is not uncommon for enterprise firewall rules to be put in place that accidentally step on another team’s requirements, or for desktop clients to be updated in a way that closes ports that were once open. This exercise simulates a network change that disrupts some endpoint management services by re-enabling the Windows firewall and disabling specific rules. It also walks you through troubleshooting methods to identify such communication outages.

In this scenario, managed clients that are successfully registered and managed are no longer updating in the Console. In this lab, you will force the environment to fail, generate updates for the endpoints, diagnose why the clients are not updating, and remediate the issue.

In this lab, a patch is deployed but fails on a specific client. Once investigated, it appears that the file used by the patch exists in the download cache on the server, but is corrupted. You will replace the corrupted patch and verify that BigFix applies it.

In this lab, you use the IBM BigFix Patch content to assess the number and types of patches that are required in the enterprise. You apply a Windows security patch and then roll back that patch.

In this scenario, it is determined from practical use that the BigFix server that has license updates, subscribed sites, and content within those sites is no longer able to update content. You check various aspects of the server and its connectivity to determine the root cause.

This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®. QRadar SIEM collects the logs from various devices in enterprise networks. The logs are received through connectors called Device Support Modules (DSMs). QRadar has a DSM for Guardium. That DSM enables QRadar to receive and process logs from Guardium.

In the other direction, Guardium has an API that lets QRadar react to certain events it detects by sending Guardium commands that adjust the database policy in response to the event. For example, if QRadar detects that a source IP from an internal network is communicating with an IP address classified as a Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address. The call from QRadar to Guardium can be done using the Custom Actions feature of QRadar or using IBM Security Directory Integrator® (IDI), which acts as a proxy, transforming various events from QRadar into Guardium API calls.

This IDI solution uses custom developed code that IBM provides as-is without any support and maintenance commitments. You can download the code from the Security Learning Academy in the Additional Resources section of this course.


This Open Mic session was broadcast live from Think on 19-Mar-2018.

Chris Weber from the IBM Support team delivered the "IBM Security Identity Governance and Administration Data Integrator (ISIGADI) Tips and Troubleshooting" Open Mic LIVE at the 2018 Think conference.

Agenda:

  • Logs and logging settings
  • IGI SDK
  • Creating new IGI admin ID
  • Verify assembly line
  • ISIGtoISIM assembly line
  • Delta assembly line
  • Validate assembly line
  • ISIM person attribute mapping

In this course, you will learn about ingesting data into the i2 Analyze Information Store. This covers how to populate staging tables, how to create a mapping file, and how to run the data ingestion command.

Data that is stored within IBM i2 Analyze is secured on a need-to-know basis. The security model allows you to determine the type of access that groups of users will get.

An IBM i2 Enterprise Insight Analysis (EIA) system comprises a number of components that you must configure before data can be ingested. Staging tables have to be created and mapping files need to be defined in order to ingest data into the Information Store. EIA comes with example files and data to assist with these tasks, as well as ingestion commands to get data into the Information Store.

This is a standalone lab that will walk you through the exercises needed to manually import data into iBase and search for that data via the Base Connector.

i2 Enterprise Insight Analysis (EIA) is an enterprise intelligence analysis solution that facilitates information sharing and intelligence production. This course will cover the deployment of an EIA product, specifically the process of updating and deploying a custom schema.

You will also learn how to edit or update an existing schema using the Schema Designer. This course will also walk you through the process of ingesting data in the EIA Information Store from an external data source.

In this course, you will deploy IBM i2 Analyze, which is part of the Enterprise Insight Analysis (EIA) solution. i2 Analyze provides the collaboration and search services in EIA.  You will create an example Opal deployment that includes the Information Store that is connected to use the i2 Analyze Opal services. After you deploy the Information Store, you can access the data that it contains by using Analyst's Notebook Premium (ANBP).  You will also learn to configure Quick Search and Visual Query.

i2 Enterprise Insight Analysis (EIA) is an enterprise intelligence analysis solution that facilitates information sharing and intelligence production. This course will walk students through an example implementation of how data from an external source, in this case QRadar, can be extracted, transformed, and loaded into i2 Enterprise Insight Analysis (EIA).

This course is intended for users who want to programmatically extract data on demand from the QRadar Ariel database and add it to the i2 EIA Information Store.

As part of an IBM i2 Analyze deployment, an iBase connector provides a mechanism for providing users with access to an IBM i2 iBase database. The database becomes available in the Intelligence Portal as a data source that users can select and interact with.

There are two reasons for integrating iBase with a deployment of i2 Analyze. One reason is that you already have an iBase deployment, and you want to retain your data and your data model as you upgrade or migrate to i2 Analyze. The other reason is that you already have a deployment of i2 Analyze 4.1, and you want to use iBase as a way to ingest data from other data sources.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab. The elab will be available for 4 hours of runtime, so be sure to set aside enough time to complete the lab in one sitting. You will only have access to the lab for a 5 day period from when you start the lab.

SEC9765

Identity Governance and Intelligence enforces segregation of duties (SoD) checks, based on relationships established between the Business Activities (BA) layer and the Role-Based Access Control (RBAC) model.

Companies invest in roles to better model “who-can-do-what”, while auditors do not trust roles; they trust user permissions and assignments. Except for simple scenarios, the number of permission and role combinations to review becomes unmanageable quickly. In this scenario, it is difficult to conduct SoD analysis using roles.

This video and lab demonstrate how Identity Governance and Intelligence enforces segregation of duties (SoD) checks, based on relationships established between the Business Activities (BA) layer and the Role-Based Access Control (RBAC) model.

IBM Identity Governance and Intelligence (IGI) is a network appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

IGI has a robust and intuitive user interface, divided into two areas. Administration Console is reserved for administrators. Service Center is where the applications for business users are contained.

This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface. Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional copy of IGI with more than 2300 sample user records.

In the IBM Identity Governance and Intelligence (IGI) data model, an entitlement identifies a structured set of permissions. Permissions grant users access to the resources of an organization. Permissions often have obscure names that make it difficult to understand what they really represent. For these reasons, permissions are grouped into named roles in IGI.

IBM Identity Governance and Intelligence offers a number of approaches for role management, role definition, role consolidation and role mining.

In the role definition approach, the administrator defines a role based on existing knowledge of what that role should contain, simply by adding permissions and other roles. In role consolidation, you replace a set of common entitlements with a more easily understood role. In role mining, you search for prospective roles in the business organization by seeing what entitlements have already been assigned to users in similar roles, leveraging the advanced role mining features of Identity Governance and Intelligence.

This video and lab guide you through the approaches that IGI offers for role management.

In this session presented live at Think 2018, we review the framework built to leverage IBM Security Access Manager (ISAM) REST APIs using Python/Ansible to fully automate all changes to ISAM. This provides an overview for new customers and assists those who are already leveraging this approach.

This Open Mic was presented LIVE at Think 2018 and covered use of the REST APIs with IBM Security Identity Manager.

IBM Security Identity Manager (ISIM) product experts answered client questions about identity and governance during this Security Learning Academy Live session at Think 2018, 19 March 2018.

IBM Cloud Identity Connect is a non-disruptive IDaaS solution that bridges on-premise Identity and Access Management to the cloud. This instructor-led, hands-on lab will take you on a deep-dive technical tour of IBM Cloud Identity Connect. You will start by creating your own IBM Cloud Identity tenant, and then implement SAML Single Sign-On to a popular SaaS application. You will then explore delegated administration, user and group management, and creation of a hybrid solution with on-premise integration. Finally, you will see how password-free SaaS access from mobile devices can be achieved via integration with IBM MaaS360.

Presented by

  • Jon Harry, IBM
  • Dinesh Jain, IBM

In this lab, you will learn how to deploy a test environment that integrates IBM MaaS360 and IBM Cloud Identity Essentials with a third-party SaaS (cloud) application.

This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structured data. The solution provides a custom developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.

The integration goal is to identify GDPR sensitive data using a provided sample database using IBM Guardium. Guardium then exports a report that contains users who have access to tables with GDPR relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.

The course provides a lab environment where the integration can be tested and demonstrated.

Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab.

The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.

In this advanced lab, you learn how to configure Advanced Laptop and Desktop management services. You manage and distribute Windows patching and app updates for Windows 7 and Windows 10 devices using MaaS360's Unified Endpoint Management capabilities powered by both MaaS360 and BigFix in the IBM Cloud. You learn how to configure settings and review collected data to ensure your devices are secured against risk, threats, and vulnerabilities.

IBM Security QRadar includes rules that detect a wide range of activities, including excessive firewall denies, multiple failed login attempts, and potential botnet activity. You can also create your own rules to detect unusual activity.  Custom rules customize default rules to detect this suspicious activity in your network.

Use IBM QRadar Apps to extend and enhance your current QRadar deployment with new data and ready-to-use use cases.  A QRadar app is a means to augment and enrich your current QRadar system with new data and functionality. You can download and install other shared apps that are created by IBM, its Business Partners, and other QRadar customers.

This lab walks you through exporting get_logs from:

  • QRadar SIEM's user interface, or
  • the QRadar server.
The get_logs utility collects logs so that you can troubleshoot issues on your own or provide them to IBM QRadar Support for assistance with troubleshooting issues.

Overview

These labs walk you through advanced troubleshooting for the QRadar software and architecture.

In this set of labs, you will learn how to enable debug logging and how to obtain disk space and environment information.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab.


Objectives

  • Enable and disable debug logging
  • Obtain disk space and environment information

Duration
45 min

Course Revision
1.0

Overview

These labs walk you through advanced troubleshooting for the QRadar software and architecture.

In this set of labs, you will learn how to get processing statistics from the Custom Rules Engine (CRE), determine which processes are using the most QRadar resources, and create roll-up values for time series graphs.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab.


Objectives

  • Troubleshoot processing issues by using scripts that let you get processing statistics from the CRE and find out which processes are using the most QRadar resources.
  • Troubleshoot issues with accumulated data, which is used by reports and by the time series graphs used in the Dashboard, Log Activity, and Network Activity for aggregated searches.

Duration
45 min

Course Revision
1.0

Overview

These labs walk you through advanced troubleshooting for the QRadar software and architecture.

In this set of labs, you will learn how to configure a Device Support Module (DSM) for an unknown log source.

Note: This is an online, interactive lab. You will download and follow the lab guide using the associated elab.


Objectives

  • Configure the DSM for an unknown log source by using the QRadar console.

Duration
60 min

Course Revision
1.0

This lab covers the following three main OAuth 2.0 workflows supported by IBM Access Manager: Authorization code, Implicit grant, and Resource owner password credentials (ROPC).

In this lab you learn how to manage and secure Windows 10 devices using MaaS360 Unified Endpoint Management capabilities and MDM APIs.

In this lab, you use ACLs, POPs, and authorization rules to control access to the web content.

This lab demonstrates how to set up management authentication and authorization for IBM Access Manager. You learn how to configure external authentication and authorization using LDAP. You also verify that the different user groups can authenticate with Access Manager and then test the user’s authorizations.


Version: 1.1

IRLP Code: SEC9742

This Open Mic Live session was originally broadcast from Think 2018 19-March-2018.

Nick Lloyd and Steven Hughes from Access Manager Technical Support deliver this Open Mic LIVE at the 2018 Think conference. 

This session covers IBM Security Access Manager appliance networking.


This Open Mic Live session was originally broadcast from Think 2018 19-March-2018.

Nick Lloyd and Thomas Ermis from Access Manager Technical Support deliver this Open Mic LIVE at the 2018 Think conference.

This session covers an overview of Docker and IBM Security Access Manager for Docker.

IBM Guardium provides tools to discover, classify, and build policies for files.

In this lab, you will use the quick search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This hands-on lab is targeted to IBM Guardium users and administrators who need to create policies to control access to files which contain sensitive information.

In this lab, you configure IBM Access Manager to generate and use JSON Web Tokens (JWTs) as OAuth Access Tokens rather than the standard opaque random string tokens that the OAuth server uses by default. JWTs are self-contained strings signed with a secret key. They contain a set of claims that assert an identity and a scope of access, reducing the need to go back and forth to the OAuth server to retrieve this information.

In this exercise, you learn how to use Switch/Case components in an IBM Directory Integrator AssemblyLine.

In this course you learn to plan and construct complex, distributed IBM Directory Server (IDS) environments using several methods.
This course is designed for personnel who are responsible for the deployment, troubleshooting, and ongoing performance maintenance of IBM Directory Server distributed environments.
Intermediate to advanced knowledge of IBM Directory Server is required.

Distributed directories are essential to the successful deployment of IBM Directory Server (IDS). IDS provides a robust set of replication options you can use. In this course, you learn how to create two server instances and configure and test a simple replication.

The lab includes the following exercises:


Prerequisites

  • Intermediate / Advanced working knowledge of Directory Server
  • Experience using Linux

Duration: 1hr 30m


Course version: 1.0