Course Search Results

Found 52 courses tagged with "Think 2019".

Overview
IBM Security Identity Governance and Intelligence, or simply IGI, is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers Line of Business managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

This lab provides a real business user experience. You imitate a day in the life of a Line of Business manager, who uses IGI to manage accesses for his team members.

Feel free to explore each of the applications in depth and work with the data in any way you like. This is a live and fully functional Identity Governance environment, with many sample user records, roles, and risk definitions.

The Identity Governance and Intelligence user interface is divided into two areas. The Administration Console is reserved for administrators, while the Service Center is where the applications for business users are contained. In this lab we use the Service Center only.

Objectives

  • Overview of the Service Center
  • Working on pending requests
    • Submitting a request
    • Evaluating, approving or rejecting requests as a user manager
    • Verifying the new role
  • Requesting roles for team members
    • Requesting a role for a team member
    • Evaluating and approving requests
    • Verifying the new role
  • Certification campaigns
    • Evaluating running certification campaigns
    • Redirecting evaluation to another reviewer
    • Tracking progress
    • Generating certification campaign reports

In this lab course, you learn how to import structured data directly in the i2 Enterprise Intelligence Analysis Information Store.

IBM Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort.

In this 30 minute course, you will clone a Guardium query. You will customize the fields and conditions of this query, then generate a report from this new query.

The Advanced Access Control (AAC) functionality of IBM Access Manager is not enabled by default. The AAC module must be purchased and activated to enable this functionality. This lab provides procedures to activate and configure the Advanced Access Control module.
The Access Manager appliance has a built-in live mobile demonstration application that is useful for demonstrating the AAC use cases. This lab also covers the steps to enable the live demo application.

Course revision - 1.0

SEC9764


IBM Access Manager provides an OAuth 2.0 token introspection endpoint to support functions specified in RFC 7662. OAuth clients can use this endpoint to query the OAuth authorization server and request details about the access tokens issued by the server, for example, to determine whether a token is still active or to access additional information about the token.
This lab demonstrates how to configure and use the OAuth 2.0 token introspection endpoint.

Federated Directory Server (FDS) is a premium feature of the IBM Security Directory Suite. FDS enables a collection of directories and other sources of data to be combined and treated as a single hierarchical directory. The FDS console is a ready-to-use application that implements this directory. The IBM Security Directory Suite Directory Server is the default core centralized or target repository for Federated Directory Server. In this lab, you perform an initial FDS setup, and configure the FDS to use an LDIF file as a source.

Learn how to prepare Microsoft Active Directory Federation Services (ADFS) to be used as the Identity Provider for the federated SAML authentication of devices and portal administrators in MaaS360. You configure both ADFS and MaaS360 to use Security Assertion Markup Language (SAML) and then test portal administrator and device enrollments using this authentication. Microsoft ADFS is used as the Identity Provider in this lab, but any Identity Provider that supports SAML 2.0 can be used to achieve federated single sign-on in MaaS360.

This lab demonstrates how to enable social login to a web application using Google credentials. You set up OpenID Connect (OIDC) Federation for this integration because Google is fully compliant with OpenID Connect and has a metadata URI. You configure Google as an OIDC Provider and IBM Access Manager as a Relying party.
The integration scenario is demonstrated using the built-in live demo application in Access Manager.

IBM Access Manager Version 9.0.4 provides new features and extended functions for OpenID Connect (OIDC). The configuration and management tasks for the OIDC Providers and Relying Parties are enhanced. You configure the OIDC Provider through the API Protection interface. Relying Party federations use a new federation wizard that supports capabilities that comply with the OIDC specifications.
This lab demonstrates how to set up the OpenID Connect federation using IBM Access Manager 9.0.4. The lab provides two AM appliances: iam1 and iam2. The iam1 appliance is used as an OpenID Connect Provider (OP) and the iam2 appliance acts as a Relying Party (RP). The live mobile demo application running on the Relying party appliance is used for verifying the federation capabilities.

Version 1.0

IRLP code: SEC9604

This course provides a lab setup and step-by-step instructions on how to set up the SAML 2.0 federation using IBM Access Manager. You configure one of the Access Manager appliances as a SAML 2.0 Identity Provider and another one as a SAML 2.0 Service Provider.

The built-in demo application running on the Service Provider appliance is used to verify federation.

Overview

Certification campaigns are a formal process that automates the periodic review of a relationship, and enables critical access decisions by nontechnical line-of-business managers.

Identity Governance and Intelligence (IGI) supports five different certification campaign types.
  • User assignment - review individual user entitlements
  • Organization unit assignment - assess where entitlements are visible
  • Risk violation mitigation - review unmitigated risk violations
  • Entitlement - examine the contents of each entitlement
  • Account - review account access for target applications under management

Objectives
  • Creating and running a user assignment certification campaign
    • Configuring a certification dataset
    • Creating the certification campaign
    • Starting a certification campaign
    • Running the certification campaign as a reviewer
    • Supervising a certification campaign
    • Handling exceptions in a certification campaign
  • Reviewing unmitigated risks with a certification campaign
    • Creating the certification campaign
    • Running the certification campaign
    • Understanding the effects of the unmitigated risks review

Pass-through authentication (PTA) is a feature of Directory Server, which delegates authentication of users to a different LDAP server.
In this exercise, you configure PTA so that when an authentication request is received for a user, the central Directory Server forwards that request to another Directory Server instance for validation.

IBM Access Manager supports device fingerprinting to allow tracking of a user across multiple devices and browsers.
This lab provides steps to configure Advanced Access Control policies to register a client device or browser using one-time password (OTP) sent to a user's email address.
The user is allowed access once OTP verification is complete.
The lab demonstrates silent and consent-based device registrations. It also covers how administrators and end users can manage device fingerprints.

Version 1.0

Duration: 1 hour 30 minutes

IRLP code: SEC9753

In this lab, you learn how to implement context-based access (CBA) using FORM (POST) parameters. You configure an access policy that detects high-value transactions based on a certain POST parameter in a web form and prompts for step-up authentication. The step-up authentication requires the users to provide a counter-based HMAC one-time password (HOTP).

You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

In this lab, you learn how to implement context-based access for a mobile application using REST (JSON) parameters. You configure an access policy that detects high-value transactions using a certain attribute in the JSON payload and prompts for step-up authentication. The step-up authentication requires the users to provide a time-based one-time password (TOTP).
You generate the OTP either using the OTP Generator demo application provided in the lab or by using a mobile app on your phone, for example, IBM Verify or Google Authenticator.

Guardium Data Security policies help flag suspicious database activity. By configuring policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units.

In this lab, you create a policy with rules to discard trusted activity and to flag untrusted activity.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.

IBM Guardium gathers a large amount of data about your database environment. Queries probe this data, while reports display this data in an easily viewable format.

In this lab, you will create a simple query and a report based on that query.

This hands-on lab is targeted towards Guardium users and administrators who create and maintain reports. It will take approximately 30 minutes to complete.


Guardium 10.1.4 provides a new group builder application which provides powerful tools for populating group members and allows you to see which resources use a given group.

In this exercise, you learn how to build and populate the Guardium groups.

This hands-on lab is targeted for IBM Guardium users and administrators who need to create and maintain groups. The lab will take approximately 30 minutes to complete.

Reports in IBM QRadar SIEM condense data to statistical views on your environment for various purposes, in particular to meet compliance requirements. In this lab, you run a report from an existing template, then create a new report based on a saved search, and finally create a new report from a new search.

Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.

In this hands-on exercise, you install the S-TAP agent using the Guardium Installation Manager (GIM) and the Guardium GUI.

Guardium Data Security policies help flag suspicious database activity and events.

In this lab, you create a policy with rules to flag events where a database user has failed at multiple attempts to login during a short duration of time.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.


Anomaly detection aims to alert to threats that are undocumented and therefore cannot be detected by methods that monitor for well-defined indicators. Such threats can be detected by monitoring for an unusual volume of activities. With IBM® QRadar® SIEM, create anomaly detection rules to monitor for deviations from the baseline of expected activities.

In these exercises, you develop an anomaly detection rule of type Anomaly. It tests for the deviation of the number of events matching a grouped search from the weighted moving average. The rule fires in the exercise because the sample data spikes above the deviation percentage configured in the anomaly rule.

Device Support Modules (DSM) enable QRadar SIEM to normalize events from raw logs received from various source types. These events must be parsed, normalized, and correlated into offenses to alert you to suspicious activities. In these exercises, you use the DSM Editor to create a log source type for an unknown source of events. You also configure the new log source type to parse and normalize its properties and create unique identifiers and mappings so that QRadar SIEM can name, rate, and categorize the events from the unknown log source.

This lab demonstrates how IBM BigFix® App for QRadar® enhances security intelligence of managed endpoints. You learn how endpoint information, such as vulnerabilities, patching status, software installed, and file hashes, are provided to the Security Analyst using the QRadar SIEM console. This lab contains a video that provides an overview of BigFix App for QRadar, an installation video, and a hands-on section that gives you practice with the app's functions.


  • Explain the value of IBM BigFix App for QRadar during investigation and remediation
  • Install the BigFix App for QRadar
  • Use the hands-on lab environment that has BigFix Platform and BigFix App for QRadar installed to perform the following tasks:
    • Manage the distribution of patches and review vulnerability data on endpoints
    • Incorporate endpoint data gathered by BigFix Inventory using a default fixlet named Initiate Software Scan and a custom fixlet
    • Leverage endpoint compliance status information
    • Use X-Force Threat Intelligence data to verify the reputation of file hashes on endpoints
    • Enable or disable antivirus on Windows endpoints

The whose-it clause is commonly used to filter a list that is based on a specific condition. You can use it-without-a-whose to develop simpler Relevance statements. In this course, you learn how to develop basic Relevance queries using the whose-it and it-without-a-whose clauses.

This course introduces some basic action script commands. You also learn how to use Relevance substitution within an action script.

  • Use basic commands and Relevance substitution in an Action Script
  • Develop an action script that creates text files on an endpoint
  • Use Relevance substitution to modify an Action Script

This cookbook provides a step-by-step hands-on lab guide to setting up an IBM Cloud Identity environment, including both Cloud Identity Connect and Cloud Identity Verify subscriptions, and exploring its capabilities. 

All steps will be performed using your preferred Web browser.




When you create Guardium policies with multiple rules, you might want to ensure that processing does not stop when one rule is triggered. 

In this hands-on lab, you investigate the Continue to Next Rule check box and how it affects policy processing.

The prerequisite for this course is basic knowledge of configuring IBM Guardium Policy.

In this lab, you learn the fundamental administrative tasks to set up a MaaS360 portal account to manage an organization's bring your own device (BYOD) and corporate-owned mobile devices. The first portal account that you create is a service administrator account that has all the access required to configure MaaS360 for your organization. There are also exercises to enroll devices.

In this lab session, you learn how to use the MaaS360 portal workflows to support a mobile enterprise. As a help desk administrator you might have access to all MaaS360 workflows or a subset of workflows based on your access roles. In the lab, you learn how to set up and use key configurations such as security policies, compliance rules, enrollment requests, and device groups. You use workflows such as apps and docs to push content to devices, and then use device inventory and actions to manage devices. In order to understand how users enroll and use the MaaS360 app on devices, you enroll an iOS device in MaaS360.

In this lab session, you learn how to use the MaaS360 portal workflows to support a mobile enterprise. As a help desk administrator you might have access to all MaaS360 workflows or a subset of workflows based on your access roles. In the lab, you learn how to set up and use key configurations such as security policies, compliance rules, enrollment requests, and device groups. You use workflows such as apps and docs to push content to devices, and then use device inventory and actions to manage devices. In order to understand how users enroll and use the MaaS360 app on devices, you enroll an Android device in MaaS360.

The IBM i2 Enterprise Insight Analysis i2 Connect capability enables analysts to search for and retrieve data from external data sources that use the Opal quick search functionality, and then analyze the results on a chart in Analyst's Notebook Premium. To use i2 Connect, you must obtain or create a custom connector to the external data source that you want to search.

The web client is licensed as a part of the IBM i2 Enterprise Insight Analysis Investigate Add On. The web client can be used to search the Information Store.

Overview
The Access Risk Controls module of IBM Identity Governance and Intelligence (IGI) enforces Segregation of Duties (also known as Separation of Duties, or SoD) checks, based on relationships established between the Business Activities layer (BA) and the Role-Based Access Controls model (RBAC).

Risk is often defined in terms of the likelihood of an event, and the cost, or impact, of the consequences if the event occurs. Segregation of Duties is the principle of organizing complex structures by dividing tasks and responsibilities between the members of an organization, to prevent any member from having complete control of any transaction from initialization to completion.

IGI defines a Segregation of Duties risk as a combination of conflicting Business Activities.

Objectives

  • Getting familiar with business activities and risks
    • Business activities, permissions, and risk relationships
    • Add new business activities
    • Map business activities to permissions
    • Map permissions to business activities
  • Define Segregation of Duties (SoD) risk and assign mitigation controls
    • Define a new Segregation of Duties risk
    • Assign a mitigation to a Segregation of Duty risk
  • Check for Segregation of Duty risk violations
    • User risk violation analysis
    • Assign a mitigation to a risk violation

Overview

IBM Security Identity Governance and Intelligence (IGI) is an appliance-based integrated identity governance solution. This solution employs business-centric rules, activities, and processes. It empowers line-of-business (LOB) managers, auditors, and risk managers to govern access and evaluate regulatory compliance across enterprise applications and services.

Objectives
This lab provides a brief tour of the available applications to help you become familiar with the IGI user interface.

  • Tour of the Administration Console
  • Tour of the Service Center
  • Access Governance Core
  • Managing the exchange of data
    • Loading data by using the Bulk Data Load tools
    • Loading data by using the Enterprise Connectors
  • Role lifecycle management
    • Exploring roles
    • Exploring role mining
  • Access risk control modeling
  • Certification campaigns
  • Reporting
  • Automating tasks
  • Tour of the Virtual Appliance console

Overview

In the IGI data model, an entitlement identifies a structured set of permissions. These permissions are assigned to a user to allow access to the resources of an organization.

Permissions, IT roles, business roles, and external roles are collectively referred to as entitlements.
Entitlements are structured in a hierarchy. This lab will teach you how roles are created and managed in IGI.

Objectives
  • Role definition
    • Creating a new role
    • Adding entitlements to a role
    • Publish the new role
    • Add scope to the new role
    • Assign the role to a user
    • Verify success
  • Role consolidation
    • Observing and consolidating existing entitlements
    • Analyze the new role for impact and risk
    • Publish the new role
    • Add scope to the new role
    • Consolidate the new role
    • Verify success
  • Role mining
    • Prepare for the role mining process
    • Create a data snapshot for data exploration
    • Review the analysis for potential roles
    • Use role mining to discover a new role
    • Analyze the discovered roles
    • Release the role to Access Governance Core
    • Publish the new role

The MaaS360 Cloud Extender is a lightweight software module that you install in your environment. You use the Cloud Extender to integrate MaaS360 with your behind-the-firewall corporate resources. In this lab you set up the MaaS360 Cloud Extender to integrate with Active Directory (AD) using LDAP. You configure the User Authentication module to support self-service enrollment so that device users can enroll in MaaS360 using their corporate credentials. You configure the User Visibility module to import users and groups into MaaS360 from AD. You can use these users and groups to assign policies and distribute corporate content. Taking advantage of an existing directory service eliminates the need for administrators to create local users and groups in MaaS360. You also learn testing and troubleshooting techniques in this lab using the MaaS360 portal and mobile devices.

Attach scripts to custom rules to do specific actions in response to network events. Use the Custom Action window to manage custom action scripts. Use custom actions to select or define the value that is passed to the script and the resulting action.


In this lab, you learn how to use the User Behavior Analytics for QRadar (UBA) application to detect anomalous or malicious behavior. The lab comes with UBA already installed and configured. You learn to use the QRadar UBA Dashboard and how the application can help you detect malicious user behavior. The lab also walks you through the investigation process and demonstrates the integration with QRadar Advisor with Watson. The QRadar Advisor with Watson app is also already installed and configured in the lab. To learn more about QRadar Advisor with Watson, visit the dedicated section in the Security Learning Academy, where you can run the lab that is focused on QRadar Advisor with Watson. Finally, the lab walks you through tuning the rules for risky user behavior by configuring the senseValue parameter.

UBA leverages the Machine Learning (ML) app to analyze risky user behavior. Because the Machine Learning part of the lab requires at least one week of historical data to properly analyze user behavior, it is not possible to demonstrate that feature in the lab that runs only about an hour. The machine learning part of QRadar UBA is covered in video training on the Security Learning Academy.



In this lab, you learn how to configure and use the QRadar Advisor with Watson (Watson Advisor) app in a QRadar offense investigation. You can download QRadar Advisor with Watson from the IBM Security App Exchange, but you must have a valid subscription to configure and run the app. In this lab, you can use the app without activating your paid subscription or enrolling in a 30-day free trial. You learn to use regular expressions to extract QRadar custom properties and configure reference sets, rules, network hierarchy, and assets. The lab also walks you through the investigation process and you learn how to interpret QRadar Advisor Knowledge graphs.


License keys entitle you to use specific IBM QRadar products and control the event and flow capacity for your QRadar deployment. You can add licenses to your deployment to activate other QRadar products, such as QRadar Vulnerability Manager.

This self-paced course provides the foundations of license management, describes license components, and explains how licenses are managed within QRadar.

Course Objectives

  • Define ways to upload and maintain license keys in the QRadar SIEM console.
  • Obtain hands-on experience with viewing license details, uploading a license key, allocating a license key to a host, deleting licenses, and exporting license information.

IBM MaaS360 is a comprehensive enterprise mobility platform. With MaaS360, IT departments can deliver end-to-end security and management for applications, documents, email, and devices. It provides employees with secure access to corporate resources and information from their mobile devices, without compromising the user experience, data security, or privacy. MaaS360 simplifies the process by providing everything that you need to securely manage all your mobile assets from an on-demand, intuitive portal.

In this lab session, you learn how to manage mobile devices with MaaS360 and enhance mobile user security and productivity. This lab is a basic introduction to managing Android mobile devices with MaaS360. If you are a mobile security administrator or mobile security consultant, there are several in-depth training courses on the IBM Security Learning Academy that you can take to broaden your MaaS360 skills.

Note: Download the MMS_Labfiles.zip file to your desktop and extract the files. The files are required to complete the lab.

IBM MaaS360 is a comprehensive enterprise mobility platform. With MaaS360, IT departments can deliver end-to-end security and management for applications, documents, email, and devices. It provides employees with secure access to corporate resources and information from their mobile devices, without compromising the user experience, data security, or privacy. MaaS360 simplifies the process by providing everything that you need to securely manage all your mobile assets from an on-demand, intuitive portal.

In this lab session, you learn how to manage mobile devices with MaaS360 and enhance mobile user security and productivity. This lab is a basic introduction to managing iOS mobile devices with MaaS360. If you are a mobile security administrator or mobile security consultant, there are several in-depth training courses on the IBM Security Learning Academy that you can take to broaden your MaaS360 skills.

Note: Download the MMS_Labfiles.zip file to your desktop and extract the files. The files are required to complete the lab.
Course revision 2.0

This lab provides step-by-step instructions for configuring a basic identity federation deployment between IBM Access Manager and Salesforce.com using SAML 2.0.
In this lab, you first obtain a Salesforce Developer Edition instance and configure it for SAML Single Sign-On from IBM Access Manager. Access Manager acts as a SAML 2.0 Identity Provider (IdP) and Salesforce acts as a Service Provider (SP).

This lab covers the following three main OAuth 2.0 workflows supported by IBM Access Manager: Authorization code, Implicit grant, and Resource owner password credentials (ROPC).

In this lab you learn how to manage and secure Windows 10 devices using MaaS360 Unified Endpoint Management capabilities and MDM APIs.

This lab demonstrates how to set up management authentication and authorization for IBM Access Manager. You learn how to configure external authentication and authorization using LDAP. You also verify that the different user groups can authenticate with Access Manager and then test the user’s authorizations.


Version: 1.1

IRLP Code: SEC9742

Starting with version 10.6, IBM Guardium has a new query and report builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, as well as an intuitive, step-by-step guide to create and configure the query and report. The report is automatically generated from the query. If the query is modified, the report is automatically regenerated when the query is saved.

In these exercises, you create a query and report that shows SQL commands. Then you generate data to test the report and view the results.

IBM Guardium provides tools to discover, classify, and build policies for files.

In this lab, you will use the quick search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This hands-on lab is targeted to IBM Guardium users and administrators who need to create policies to control access to files which contain sensitive information.

IBM Guardium provides powerful functions to monitor and control database access. IBM Guardium can terminate sessions performing suspicious database access commands, and even quarantine suspicious users.

In this lab, you will explore the session termination and quarantine functionality.

IBM QRadar SIEM enables you to minimize the time gap between when a suspicious activity occurs and when you detect it. Attacks and policy violations leave their footprints in log events and network flows of your IT systems. QRadar SIEM connects the dots and provides you insight by performing the following tasks:

  • Alerts to suspected attacks and policy violations in the IT environment
  • Provides deep visibility into network, user, and application activity
  • Puts security-relevant data from various sources in context of each other
  • Provides reporting templates to meet operational and compliance requirements
  • Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use


Objective

The exercises in this lab provide a broad introduction into the features of QRadar SIEM. The exercises cover the following topics:

  • Navigating the web interface
  • Investigating a suspicious activity
  • Creating a report
  • Managing the network hierarchy

In this lab, you configure IBM Access Manager to generate and use JSON Web Tokens (JWTs) as OAuth Access Tokens rather than the standard opaque random string tokens that the OAuth server uses by default. JWTs are self-contained strings signed with a secret key. They contain a set of claims that assert an identity and a scope of access, reducing the need to go back and forth to the OAuth server to retrieve this information.