QRadar Feature Discussion IBM SECURITY SUPPORT OPEN MIC
- Lucinda Joella Golden
- 5 years ago
1 QRadar Feature Discussion
IBM SECURITY SUPPORT OPEN MIC
Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio.
USA toll-free: USA toll: Participant passcode: Slides and additional dial in numbers:
June 22, 2016
NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING THE CALL, AS WELL AS TO IBM'S USE OF SUCH RECORDING IN ANY AND ALL MEDIA, INCLUDING FOR VIDEO POSTINGS ON YOUTUBE. IF YOU OBJECT, PLEASE DO NOT CONNECT TO THIS CALL.

2 Panelists
- Jeremy Mathers, QRadar User Interface Team Lead
- Dwight Spencer, Principal Solutions Architect & Co-founder of Q1 Labs
- Adam Frank, Principal Solutions Architect
- Jeff Rusk, Development Manager, QRadar L3 Engineering
- Jason Keirstead, QRadar Architecture Team
- Greg Davis, QRadar Architecture Team
- Joey Maher, QRadar Technical Support Team Lead
- Ellen Pit, QRadar Quality Lead
Presenter: Jonathan Pechta, Support Technical Writer / Support Content Lead
Moderator: Jack Cam, Support Manager
2 IBM Security
3 Announcements
4 QRadar Future API Changes
- QRadar introduces V7.0 endpoints
- API 4.0 will be removed
- APIs 5.0 and 5.1 will be marked as deprecated

QRadar Support Knowledgebase
A new master tech note was released that contains links to all support content currently published. As we work on new articles, this page will be refreshed to include new content.
Where?
5 QRadar Protocol Changes
New protocols being released by our IBM Integration team will sort certificates by protocol. New releases also include more security and restrict where administrators can keep certificates. New protocols, when installed, make copies of existing certificates to the proper protocol directory. For example:

    /opt/qradar/conf/trusted_certificates/<protocol>
    /opt/qradar/conf/trusted_certificates/lea

QRadar YUM vs RPM
As of the most recent QRadar automatic update, development has added more support for YUM commands. Administrators and users will notice that our documentation examples will start using YUM commands, which are now preferred over RPM commands to prevent patch and dependency issues.

    yum install DSM-BluecoatProxySG noarch.rpm
    yum -y install DSM-BluecoatProxySG noarch.rpm

This replaces rpm -Uvh commands.

    yum search WinCollect

This replaces rpm -qa | grep WinCollect.
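Because certificates are copied into per-protocol directories, a certificate that is rotated or withdrawn has to be dealt with in every copy. The following is an added example, not code from the slides or from IBM: it inventories a trust directory by content hash and reports duplicated copies, certificates left only at the top level, and files writable by group or others. The `<root>/<protocol>/<file>` layout, the "(unsorted)" label and the demo tree are assumptions constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from collections import defaultdict

TRUST_ROOT = "/opt/qradar/conf/trusted_certificates"  # path shown on the slide
UNSORTED = "(unsorted)"  # label used here for files directly under the root


def inventory(root=TRUST_ROOT):
    """Map SHA-256 of file content -> sorted list of (protocol, relative path)."""
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Assumption: the first directory level below the root names the protocol.
        protocol = UNSORTED if rel_dir == "." else rel_dir.split(os.sep)[0]
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            copies[digest].append((protocol, os.path.relpath(path, root)))
    return {digest: sorted(places) for digest, places in copies.items()}


def report(root=TRUST_ROOT):
    """Return findings an administrator should review after protocol updates."""
    findings = {"duplicated": [], "unsorted_only": [], "writable_by_others": []}
    for places in inventory(root).values():
        paths = [path for _protocol, path in places]
        # Byte-identical copies: rotating one copy leaves the others trusted.
        if len(places) > 1:
            findings["duplicated"].append(paths)
        # Present only at the top level: not yet sorted into a protocol directory.
        if {protocol for protocol, _path in places} == {UNSORTED}:
            findings["unsorted_only"].extend(paths)
        # Trust anchors should not be modifiable by group or other users.
        for path in paths:
            mode = os.stat(os.path.join(root, path)).st_mode
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings["writable_by_others"].append(path)
    for key in findings:
        findings[key].sort()
    return findings


def demo():
    """Audit a constructed tree (placeholder bytes, not real certificates)."""
    sample = [
        ("a.pem", b"CERT-A", 0o644),
        ("lea/a.pem", b"CERT-A", 0o644),    # copy made into the protocol directory
        ("old.pem", b"CERT-OLD", 0o644),    # never copied to a protocol directory
        ("lea/b.pem", b"CERT-B", 0o664),    # group-writable
    ]
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "lea"))
        for rel, body, mode in sample:
            path = os.path.join(root, *rel.split("/"))
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return report(root)


if __name__ == "__main__":
    for finding, items in demo().items():
        print(finding, items)
```

The comparison is on raw file bytes, so the same certificate stored once as PEM and once as DER is not matched.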
6 Keeping up with the latest QRadar information
Administrators and users who need to keep up with changes to QRadar should ensure they are signed up for the following information:
1. IBM My Notifications (or RSS feeds for your IBM Products)
   - Go to:
   - Click the Subscribe Now button.
   - In the Product lookup search field, type QRadar.
   - Click Subscribe next to products you want information about.
   - Configure your delivery preferences.
2. QRadar Support Newsletter
   - May newsletter:
   - How to sign up for the list: To subscribe to the QRadar Support Newsletter, send an email to isssprt@us.ibm.com with the subject line: snl subscribe SecIntel
   - To unsubscribe, send an email to isssprt@us.ibm.com with the subject line: snl unsubscribe SecIntel
3. QRadar Forums - Ask us questions directly.
7 Agenda
8 QRadar Feature Discussion Agenda
- Upgrade Instructions
- New to this version
- Offense Indexing
- Lazy Search Enhancement
- Performance Updates
- Custom Columns
- Per Log Source EPS & Reporting
- AQL Changes
- System and License Management Changes
- Reference Data Changes
- API Changes
- Extension / Application Framework Updates
9 Upgrading
10 Upgrade - Instructions
Software Upgrade Questions (any version)
- QRadar (any patch level or above) is the minimum version to upgrade to QRadar
- This article outlines the software upgrade progression to get from QRadar version x --> y. If a customer calls with upgrade questions or cannot find the proper software to upgrade, you can direct them to this article.
Patch & Upgrade Best Practices
- Run a configuration backup and download the file before the upgrade.
- Ensure all HA pairs have the PRIMARY system active and the secondary online.
- Place patch files in /store/patches/.
- Stage the patch/upgrade file out to all managed hosts, if required.
- Patch the Console first, then all managed hosts simultaneously, not using "patch all".
Upgrades versus ISOs
- Admins use SFS files to patch/upgrade a system to QRadar
- New installations use ISO files.
HA Considerations
- Note: patches should never be run on the HA secondary if it is the active host; you should fail back to the primary. If the primary is offline/failed for some period of time, the upgrade for the entire deployment should be delayed.
11 Offense Indexing
12 Incident Detection and Management Offense Indexing Uses
- QRadar introduces the ability to index or chain offenses together using any custom property. This includes all database properties including custom properties.
- Custom properties that use this feature must be enabled and optimized.
- This expands our default 12 normalized custom properties to use any custom properties in QRadar.
- Values matching the custom property selected are added to the offense without extra work required from the administrator.

13 Incident Detection and Management Response Limiter
New custom columns are available as a drop-down in the user interface.

14 Incident Detection and Management Response Limiter
Administrators or users can also use custom properties in a response limiter to limit notifications for a recurring custom property. This feature ensures that null values are counted by the response limiter and do not fire notifications.

15 Incident Detection and Management Deletion Framework Custom Property Deletion
When you attempt to delete custom properties, you are now notified of any dependencies, including offenses indexed by that custom property.
16 Lazy Search in QRadar 7.2.7
17 Search Enhancements Lazy Search - Use
Lazy Search is a new Quick Filter capability introduced in QRadar that is optimized for more tactical use cases such as threat hunting or IOC searching.
- Retrieves the first (up to) 1000 results matching the filter criteria and returns those immediately to the user, along with a time series graph showing the distribution of the results over the search timeframe.
- Reduces impact on the deployment by restricting the search to just the indices and not the events/flows themselves.
- Reduces impact on the network by only returning a subset of the results until the analyst makes the decision that the entire result is necessary.
A Quick Filter search will utilize the Lazy Search functionality when the following conditions are met:
- The only filter is the Quick Filter
- The search is on a time range (not real-time or Last Minute)

18 Search Enhancements How do I adjust a lazy search time frame?
Lazy Search is a new Quick Filter capability introduced in QRadar that is optimized for more tactical use cases such as threat hunting or IOC searching.
- Retrieves the first (up to) 1000 results matching the filter criteria and returns those immediately to the user, along with a time series graph showing the distribution of the results over the search timeframe.
- Reduces impact on the deployment by restricting the search to just the indices and not the events/flows themselves.
- Reduces impact on the network by only returning a subset of the results until the analyst makes the decision that the entire result is necessary.
A Quick Filter search will utilize the Lazy Search functionality when the following conditions are met:
- The only filter is the Quick Filter
- The search is on a time range (not real-time or Last Minute)
19 Performance Changes in QRadar 7.2.7
20 New Disk Compression*
All QRadar versions and forward utilize our new, highly efficient compression mechanism for all stored data.
- No more compress/decompress cycles: Data is always compressed on disk and all decompression occurs in memory with no rewrite to disk.
- Up to 10X faster search: Overall reduction in IO due to data always being compressed. This means searching on compressed data in is even faster than uncompressed data in 7.2.6!
- Better overall system performance: Reduced disk reads and writes and lower CPU load lead to more consistent system resource utilization with fewer spikes.
- Faster data rebalancing with Data nodes
- Simplifies retention planning: Users no longer need to consider compression when setting up retention. In fact, the option is no longer even available. Users simply decide how long to keep data and when it can be deleted.

21 Disk Compression Retention Interface Updates
The event and flow retention interface has been updated to remove compression options from the user interface, as new installations of QRadar include continuous / always on data compression.

22 Other performance updates to QRadar
A number of general performance improvements across various aspects of the platform are also included in QRadar 7.2.7:
Hardware Optimization
- QRadar auto tunes to the hardware platform and doesn't simply match platform to our xx05 or xx28 profile.
- QRadar can now leverage hardware even larger than our own xx28 platform
Accumulator Global Views (GVs) Increased
- QRadar can now track up to 300 global views, up from the 130 prior to
- Directly translates to increased anomalous and behavioral threat detection capabilities
Pipeline Stability and Performance
- 10% reduction in CPU load compared to
- Burst handling will no longer report false positives of event rate over license
23 Custom Columns in QRadar 7.2.7
24 Log & Network Activity Enhancements - Custom Columns
In 7.2.7, we have continued our efforts to optimize a number of activities performed by our users day in and day out. In this release, we have focused on the manipulation of the columns in the Log Activity & Network Activity tabs.
- The addition of a quick access screen to add/remove columns means that users no longer have to defer to the Search->Edit Search screens to adjust the columns present in their search.
- The ability to save a column layout and recall it later with a single click.

25 Search Enhancements Custom Columns - Use
When editing the column layout of a search, you now have the option to save the layout. The Save Column Layout button only displays when you add, remove, or change the order of the Columns fields in the user interface.

26 Search Enhancements Deleting Custom Columns
After saving the column layout, you can delete it by selecting the layout and clicking the Delete Column Layout button.
27 EPS Per Log Source UI & Reporting in QRadar 7.2.7
28 Per Log Source EPS Reporting
Log Source EPS Reporting lists the average EPS for each log source on both the Log Source screen and in our Log Source reports. This allows users/administrators to quickly identify noisy or expensive log sources, and highlights potential configuration issues with log sources that are failing to report.
29 AQL Changes in QRadar 7.2.7
30 Search Enhancements AQL - Use
Two forms of conditional logic have been added to AQL statements in QRadar 7.2.7:
- IF/THEN/ELSE
- CASE

The first form, IF/THEN/ELSE, allows users to perform simple conditional evaluation based on the condition contained within the IF.
Example: A user wants to query the user associated with all events, but realizes that the events may not contain the necessary user information, so they decide to leverage the Asset database to fill in the gaps if possible.

    select sourceip,
      if username is NULL then ASSETUSER(sourceip) else username as username
    from events
    group by username
    last 2 DAYS

The second form, CASE, allows users to perform similar logic to IF/THEN/ELSE, except with more conditional comparisons.
Example: A user may want to expand the response code from a set of Blue Coat Proxy logs.

    select case BCReponseCode
      when 200 then 'OK'
      when 404 then 'Not Found'
      when 401 then 'Not Authorized'
      else 'N/A'
    end
    from events
    where LOGSOURCETYPENAME(devicetype) ilike '%bluecoat%'
    last 2 days

See "Conditional logic in AQL queries" for more information.
31 System & License Management Changes in QRadar 7.2.7
32 Bonded Network Interface - Use
Administrators can now perform simple interface bonding as well as provide more advanced configuration capabilities without utilizing third party tools.
Where do I find this feature?
Admin tab > System and License Management > Double-click an appliance > Network Interfaces

33 Get logs Collect Application Extension Logs
Getlogs now has the ability to collect log data for our Applications.
Where?
System and License Management > Actions > Collect Log Files
NOTE: Administrators who want to leverage application extensions on their Console should be using QRadar Patch 4 or later.
34 Reference Data Changes in QRadar 7.2.7
35 Remove from Reference Data Collections
Administrators can now configure a rule response to remove items from reference data collections. Rules can be configured to delete from:
- Reference Set
- Reference Map
- Reference Map of Sets
- Reference Map of Maps
- Reference Table
36 API Changes in QRadar 7.2.7
37 API Updates
introduces QRadar V6.0 API endpoints
The following APIs have been removed:
- Version 2.0, 3.0, and 3.1 endpoints.
The following APIs have been added in 7.2.7:
- Help API endpoints
- Offenses API endpoints
- QRadar Vulnerability Manager API endpoints
- System API endpoints

38 API Updates Help API Endpoints
The following APIs have been added in
- /api/help/versions: Retrieves a list of version documentation objects currently in the system.
- /api/help/versions/{version_id}: Retrieves a single version documentation object.
- /api/help/resources: Retrieves a list of resource documentation objects currently in the system.
- /api/help/resources/{resource_id}: Retrieves a single resource documentation object.
- /api/help/endpoints: Retrieves a list of endpoint documentation objects that are currently in the system.
- /api/help/endpoints/{endpoints_id}: Retrieves a single endpoint documentation object.
The following endpoint has been removed
- /help/capabilities: Lists all QRadar API capabilities.

39 API Updates Offense API Endpoints
The following APIs have been added in
- /api/help/versions: Retrieves a list of version documentation objects currently in the system.
- /api/help/versions/{version_id}: Retrieves a single version documentation object.
- /api/help/resources: Retrieves a list of resource documentation objects currently in the system.
- /api/help/resources/{resource_id}: Retrieves a single resource documentation object.
- /api/help/endpoints: Retrieves a list of endpoint documentation objects that are currently in the system.
- /api/help/endpoints/{endpoints_id}: Retrieves a single endpoint documentation object.
- /help/capabilities: Lists all QRadar API capabilities.

40 API Updates - Offenses API endpoints
The following APIs have been added in
- /api/siem/offenses_types: Retrieves all offense types.
- /api/system/servers/{server_id}/network_interfaces/ethernet: Retrieves an offense type structure that describes the properties of an offense type.
The following endpoints are updated:
- /api/siem/offenses: Retrieves a list of offenses currently in the system.
- /api/siem/offenses/{offense_id}: Updates an offense.

41 API Updates - QRadar Vulnerability Manager API endpoints
The following APIs have been added in QRadar
- /api/qvm/saved_searches: New endpoints for working with vulnerability saved searches
- /api/qvm/saved_searches/{saved_search_id}: Retrieves a saved search.
- /api/qvm/saved_searches/{saved_search_id}/vuln_instances: Creates the Vulnerability Instances search.
- /api/qvm/saved_searches/vuln_instances/{task_id}/status: Retrieves the current status of a Vulnerability Instance present in the asset model.
- /api/qvm/saved_searches/vuln_instances/{task_id}/status: Retrieves the status of a Vulnerability Instance.
- /api/qvm/saved_searches/vuln_instances/{task_id}/results/vuln_instances: Lists the Vulnerability Instances returned from a saved search.
- /api/qvm/saved_searches/vuln_instances/{task_id}/results/assets: Lists the Vulnerability Instances assets returned from the saved search.
- /api/qvm/saved_searches/vuln_instances/{task_id}/results/vulnerabilities: Lists the Vulnerability Instances vulnerabilities returned from the saved search.

42 API Updates - System API endpoints
The following APIs have been added in
- /api/system/servers/{server_id}/network_interfaces/bonded: Creates a new bonded network interface.
- /api/system/servers/{server_id}/network_interfaces/bonded/{device_name}: Removes a bonded network interface.
The following APIs have been updated in
- /api/system/servers/{server_id}/network_interfaces/bonded: Retrieves a list of the bonded network interfaces based on the supplied server ID.
- /api/system/servers/{server_id}/network_interfaces/bonded/{device_name}: Updates an existing bonded network interface.
- /api/system/servers/{server_id}/network_interfaces/ethernet: Retrieves a list of the Ethernet network interfaces based on the supplied server ID.
- /api/system/servers/{server_id}/network_interfaces/ethernet/{device_name}: Updates an Ethernet network interface based on the supplied server ID and device name.

43 API Updates - QRadar Vulnerability Manager API endpoints
The following APIs have been removed in
- /api/qvm/savedsearches
- /api/qvm/vulninstances

44 API Resources
- QRadar API doc link: QRADAR_CONSOLE_IP/api_doc
- Developer Works Forum to discuss, share and troubleshoot APIs
- API Samples and Examples on GitHub
NOTE: Code samples for QRadar are still in validation with our quality team. These API code samples are expected to be released in two weeks. As always, administrators can use the API forums to keep up-to-date on when these code samples are posted. Code samples are published by QRadar development as a learning tool for administrators and developers to understand how to leverage features in the QRadar API.
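Removed and deprecated API versions matter operationally: an integration that pins an old version stops working after the upgrade, and the alerts or tickets it produced stop with it. The following is an added example, not one of the IBM code samples mentioned above: it compares the versions that integrations pin against the objects returned by /api/help/versions, using the future-release changes from slide 4 as data. The response field names (version, deprecated, removed), the SEC token header in fetch_versions, the sample response and the integration names are assumptions or constructed values.

```python
import json
import urllib.request

# Constructed sample of a GET /api/help/versions body, modelling the future
# release on slide 4: 7.0 introduced, 5.0/5.1 deprecated, 4.0 removed.
# The field names are an assumption about the response shape.
SAMPLE_HELP_VERSIONS = json.dumps([
    {"id": 1, "version": "4.0", "deprecated": True, "removed": True},
    {"id": 2, "version": "5.0", "deprecated": True, "removed": False},
    {"id": 3, "version": "5.1", "deprecated": True, "removed": False},
    {"id": 4, "version": "6.0", "deprecated": False, "removed": False},
    {"id": 5, "version": "7.0", "deprecated": False, "removed": False},
])

# Constructed inventory: integration name -> version it pins (None = no pin).
PINNED = {
    "ticketing-sync": "5.1",
    "offense-export": "4.0",
    "asset-report": "7.0",
    "legacy-cron": "3.1",
    "unpinned-script": None,
}

# Review order: most urgent first.
SEVERITY = {"removed": 0, "not_listed": 1, "deprecated": 2, "unpinned": 3, "supported": 4}


def version_key(version):
    """Compare versions numerically so that "10.0" sorts after "6.0"."""
    return tuple(int(part) for part in version.split("."))


def fetch_versions(console, token):
    """Fetch the live list from a console (assumes an authorized service token)."""
    request = urllib.request.Request(
        f"https://{console}/api/help/versions",
        headers={"SEC": token, "Accept": "application/json"},
    )
    with urllib.request.urlopen(request, timeout=30) as response:
        return response.read().decode("utf-8")


def load_versions(body):
    """Map version string -> "removed", "deprecated" or "supported"."""
    status = {}
    for obj in json.loads(body):
        if obj.get("removed"):
            state = "removed"
        elif obj.get("deprecated"):
            state = "deprecated"
        else:
            state = "supported"
        status[obj["version"]] = state
    return status


def newest_supported(status):
    """Highest version that is neither deprecated nor removed, or None."""
    live = [version for version, state in status.items() if state == "supported"]
    return max(live, key=version_key) if live else None


def audit(pinned, status):
    """Return one finding per integration, most urgent first."""
    target = newest_supported(status)
    findings = []
    for name, version in pinned.items():
        if version is None:
            state = "unpinned"  # behaviour follows the console's default version
        else:
            state = status.get(version, "not_listed")  # console no longer documents it
        findings.append({
            "integration": name,
            "pinned": version,
            "state": state,
            "move_to": None if state == "supported" else target,
        })
    findings.sort(key=lambda f: (SEVERITY[f["state"]], f["integration"]))
    return findings


if __name__ == "__main__":
    for finding in audit(PINNED, load_versions(SAMPLE_HELP_VERSIONS)):
        print(finding)
```

Running the audit against a test console before upgrading production shows which integrations need to move before they fail.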
45 Extension / Application Framework Updates in QRadar 7.2.7
46 Extension / Framework Enhancements
Resource Specification
- Application writers can now specify the amount of RAM necessary for the applications to run.
- The defaults from will still exist, but now apps can specify higher requirements and have higher default memory allocations.
- This feature is important for applications that will be performing resource-intensive operations such as advanced analytics.
Automatic upgrade of apps when being deployed from the SDK
Numerous enablement updates in preparation for the SDK Application (App for writing Apps)
47 THANK YOU FOLLOW US ON: QRadar Forums: securityintelligence.com xforce.ibmcloud.com Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
More informationHow to properly deploy, configure and upgrade the NAB
Panelists Jeff DiCostanzo, Presenter AVP Team Lead Bill Klauke - Level 2 Product Lead Maxime Turlot - Level 2 Product Lead Ryan Andersen - Level 2 Senior Engineer Edward A Romero - Level 3 Network Security
More informationIBM Security QRadar Version Architecture and Deployment Guide IBM
IBM Security QRadar Version 7.3.1 Architecture and Deployment Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 41. Product information
More informationCybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY
Cybersecurity THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY Gary Meshell World Wide Leader Financial Services Industry IBM Security March 21 2019 You have been breached; What Happens Next 2 IBM Security
More informationIBM Guardium Data Encryption
IBM Guardium Data Encryption RELEASE TAXONOMY FOR LINUX/AIX/WINDOWS 10-October-2018 GDE Taxonomy Version V.0.0.0 Major V.R.0.0 Mod V.R.M.0 SSE V.R.M.F Fixpack V.R.M.F Cadence 36-48 Months 12-15 Months
More informationJuniper Secure Analytics Patch Release Notes
Juniper Secure Analytics Patch Release Notes 2014.8 October 2017 2014.8.r11.20171013131303 patch resolves several known issues in Juniper Secure Analytics (JSA). Contents Installing 2014.8.r11 Patch..............................................
More informationIBM Security QRadar Deployment Intelligence app IBM
IBM Security QRadar Deployment Intelligence app IBM ii IBM Security QRadar Deployment Intelligence app Contents QRadar Deployment Intelligence app.. 1 Installing the QRadar Deployment Intelligence app.
More informationIBM BigFix Relays Part 2
IBM BigFix Relays Part 2 IBM SECURITY SUPPORT OPEN MIC December 17, 2015 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING
More informationIBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC. 13 Dec 2017
IBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC 13 Dec 2017 IBM Security Learning Academy www.securitylearningacademy.com New content published
More informationFabrizio Patriarca. Come creare valore dalla GDPR
Fabrizio Patriarca Come creare valore dalla GDPR Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data
More informationThe New Era of Cognitive Security
The New Era of Cognitive Security IBM WATSON SUMMIT KANOKSAK RATCHAPAT Senior Technical Sales 1 Today s security challenges ACTORS TARGETS VECTORS REALITY Organized Crime Healthcare Ransomware Cloud, mobile,
More informationIBM Security Directory Server: Utilizing the Audit.log
IBM Security Directory Server Open Mic Webcast #1 November 4, 2014 IBM Security Directory Server: Utilizing the Audit.log Panelists Roy Spencer L2LDAP Technical Lead Ram Reddy L2LDAP Senior Engineer Benjamin
More informationBe effective in protecting against the cybercrime
Be effective in protecting against the cybercrime INTEGRATED SECURITY FOR A NEW ERA Domenico Raguseo Domenico Scardicchio Luca Bizzotto Simone Riccetti Technical Sales Manager, Europe Software Procdut
More informationIdentity Governance Troubleshooting
Identity Governance Troubleshooting Chris Weber Level 2 support, IBM Security May 16, 2017 Identity Governance Troubleshooting Support Files contents Accessing different logs and other files though the
More informationQRadar Support 101: WinCollect Troubleshooting
QRadar Support 101: WinCollect Troubleshooting A discussion about WinCollect, troubleshooting, when to contact support, tips and other helpful information. https://ibm.biz/joinqradaropenmic September 21
More informationJuniper Secure Analytics Patch Release Notes
Juniper Secure Analytics Patch Release Notes 2014.5 June 2015 2014.5.r1.20150605140117 patch resolves several known issues in Juniper Secure Analytics (JSA). Contents Installing 2014.5.r1 Patch..............................................
More informationIBM Security Identity Governance and Intelligence Clustering and High Availability
IBM Security Identity Governance and Intelligence Clustering and High Availability IBM SECURITY SUPPORT Luigi Lombardi: luigi.lombardi@it.ibm.com Gianluca Gargaro: g.gargaro@it.ibm.com Raffaele Sperandeo:
More informationGX vs XGS: An administrator s comparison of the two products
: An administrator s comparison of the two products Panelists Bill Klauke IPS Product Lead, Level 2 Support Matthew Elsner XGS Development Yuceer (Banu) Ilgen XGS Development Jeff Dicostanzo AVP Support
More informationIBM MaaS360 Kiosk Mode Settings
IBM MaaS360 Kiosk Mode Settings Configuration Settings for Kiosk Mode Operation IBM Security September 2017 Android Kiosk Mode IBM MaaS360 provides a range of Android device management including Samsung
More informationIBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation
IBM Security Endpoint Manager- BigFix Daniel Joksch Security Sales Establish security as an immune system Malware protection Incident and threat management Identity management Device management Data monitoring
More informationBigFix 101- Server Pricing
BigFix 101- Server Pricing Licensing in a Nutshell BigFix is included with AIX Enterprise Edition (AIX EE). If you have AIX EE on a system, all the cores on that system are covered and any LPAR running
More informationIBM Security QRadar. WinCollect User Guide V7.2.7 IBM
IBM Security QRadar WinCollect User Guide V7.2.7 IBM Note Before using this information and the product that it supports, read the information in Notices on page 67. Product information Copyright IBM Corporation
More informationIBM Cloud IBM Cloud for VMware Solutions Zeb Ahmed Senior Offering Manager and BCDR Leader VMware on IBM Cloud VMworld 2017 Content: Not for publicati
LHC2432BU IBM Cloud for VMware Solutions Zeb Ahmed Senior Offering Manager and BCDR Leader VMware on IBM Cloud #VMworld IBM Cloud IBM Cloud for VMware Solutions Zeb Ahmed Senior Offering Manager and BCDR
More informationIBM Security QRadar SIEM Version Getting Started Guide
IBM Security QRadar SIEM Version 7.2.0 Getting Started Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 35. Copyright IBM
More informationSWD & SSA Updates 2018
SWD & SSA Updates 2018 Stephen Hull STSM, BigFix Development 04/09/2018 Latest SWD & SSA features What s shiny and new? SWD Support multiple tasks for a software pkg Install, Update, Uninstall, etc Export/Import
More informationOpen Mic #13: Log Source Protocols
IBM Security QRadar April 28, 2016 Open Mic #13: Log Source Protocols Panelists Colin Hay QRadar Ecosystem Team Lead Chris Collins Integration Team Lead L3/Maintenance Randika Upathilake Integration Team
More informationIBM Security QRadar Version Community Edition IBM
IBM Security QRadar Version 7.3.1 Community Edition IBM Note Before you use this information and the product that it supports, read the information in Notices on page 7. Product information This document
More informationCarbon Black QRadar App User Guide
Carbon Black QRadar App User Guide Table of Contents Carbon Black QRadar App User Guide... 1 Cb Event Forwarder... 2 Overview...2 Requirements...2 Install Cb Event Forwarder RPM...2 Configure Cb Event
More informationJuniper Secure Analytics Patch Release Notes
Juniper Secure Analytics Patch Release Notes 2014.8 January 2018 2014.8.r12.20171213225424 patch resolves several known issues in Juniper Secure Analytics (JSA). Contents Installing 2014.8.r12 Patch.............................................
More informationBlackBerry Developer Summit. A02: Rapid Development Leveraging BEMS Services and the AppKinetics Framework
BlackBerry Developer Summit A02: Rapid Development Leveraging BEMS Services and the AppKinetics Framework Page 2 of 21 Table of Contents 1. Workbook Scope... 4 2. Compatibility... 4 3. Source code download
More informationQLean for IBM Security QRadar SIEM: Admin Guide QLEAN FOR IBM SECURITY QRADAR SIEM ADMIN GUIDE ScienceSoft Page 1 from 18
www.scnsoft.com QLEAN FOR IBM SECURITY QRADAR SIEM ADMIN GUIDE 2018 ScienceSoft Page 1 from 18 Table of Contents Overview... 3 QLean Installation... 4 Download QLean... 4 Install QLean... 4 Request license
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationIBM Security QRadar Version What's new IBM
IBM Security QRadar Version 7.3.1 What's new IBM Note Before you use this information and the product that it supports, read the information in Notices on page 17. Product information This document applies
More informationManaged Security Services - Endpoint Managed Security on Cloud
Services Description Managed Security Services - Endpoint Managed Security on Cloud The services described herein are governed by the terms and conditions of the agreement specified in the Order Document
More informationJuniper Secure Analytics Virtual Appliance Installation Guide
Juniper Secure Analytics Virtual Appliance Installation Guide Release 7.3.0 Modified: 2017-09- Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 9089 USA 08-75-2000 www.juniper.net Copyright
More informationIBM Security QRadar Version Hardware Guide SC
IBM Security QRadar Version 7.2.3 Hardware Guide SC27-6534-00 Note Before you use this information and the product that it supports, read the information in Notices on page 27. Copyright IBM Corporation
More informationForeScout Extended Module for Carbon Black
ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent
More informationIBM QRadar User Behavior Analytics (UBA) app Version 2 Release 7. User Guide IBM
IBM QRadar User Behavior Analytics (UBA) app Version 2 Release 7 User Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 149. Product
More informationIBM IBM Security QRadar SIEM V7.1 Implementation.
IBM 000-196 IBM Security QRadar SIEM V7.1 Implementation http://killexams.com/exam-detail/000-196 QUESTION: 52 Vulnerability assessment functionality uses vulnerability scan data to build and populate
More informationThe McGill University Health Centre (MUHC)
The McGill University Health Centre (MUHC) Strengthening its security posture with in- depth global intelligence Overview The need MUHC security staff wanted to more quickly identify and assess potential
More informationSTRM Getting Started Guide. Release Security Threat Response Manager. Juniper Networks, Inc.
Security Threat Response Manager STRM Getting Started Guide Release 2013.2 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Published: 2013-09-16 Copyright
More informationForescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2
Forescout Version 1.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationIBM Security QRadar. Vulnerability Assessment Configuration Guide. January 2019 IBM
IBM Security QRadar Vulnerability Assessment Configuration Guide January 2019 IBM Note Before using this information and the product that it supports, read the information in Notices on page 89. Product
More informationForescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2
Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationIBM Security QRadar SIEM Version Getting Started Guide IBM
IBM Security QRadar SIEM Version 7.3.1 Getting Started Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 21. Product information This
More informationJuniper Secure Analytics Patch Release Notes
Juniper Secure Analytics Patch Release Notes 7.3.0 January 2018 7.3.0.20171205025101 patch resolves several known issues in Juniper Secure Analytics (JSA). Contents Administrator Notes..................................................
More informationIBM Application Security on Cloud
April, 2017 IBM Application Security on Cloud Service Overview Security has and will always be about understanding, managing, and mitigating the risk to an organization s most critical assets. - Dr. Eric
More informationContent for Sophos- Theory and lab session
Content for Sophos- Theory and lab session Module 1 : Enduser Protection deployment scenarios Review of Enduser Protection features and components Factors to consider when designing solutions Single site
More informationNotice on Names and Logos Used in This Presentation
Notice on Names and Logos Used in This Presentation NON-IBM PRODUCT AND SERVICE NAMES, LOGOS, AND BRANDS ARE PROPERTY OF THEIR RESPECTIVE OWNERS. ALL COMPANY, PRODUCT AND SERVICE NAMES USED IN THIS WEBSITE
More informationPredators are lurking in the Dark Web - is your network vulnerable?
Predators are lurking in the Dark Web - is your network vulnerable? Venkatesh Sadayappan (Venky) Security Portfolio Marketing Leader IBM Security - Central & Eastern Europe Venky.iss@cz.ibm.com @IBMSecurityCEE
More informationDetector Service Delivery System (SDS) Version 3.0
Detector Service Delivery System (SDS) Version 3.0 Detecting and Responding to IT Security Policy Violations Quick Start Guide 2018 RapidFire Tools, Inc. All rights reserved. V20180112 Contents Overview
More information