Deep Instinct v2.1 Extension for QRadar

This joint solution enables the ingestion of Deep Instinct events into the IBM QRadar platform. The result is higher visibility of security breaches and incidents and a shorter path to real-time response against APTs and zero-day attacks. Reducing both the response time to cyber-attacks and the number of incidents that must be investigated manually is becoming more urgent as attacks grow more sophisticated while still being targeted at enterprises of all sizes. Deep Instinct's Endpoint Protection provides real-time detection and prevention of unknown malware. Integrated with the alerting and event management capabilities of IBM QRadar, it gives a more holistic and context-aware view when responding to cyber-attacks, so that attacks can be stopped in a more proactive and accurate manner.

Key Benefits
- Extends security event information by correlating Deep Instinct events with the other events acquired by IBM QRadar
- Enhances IBM QRadar reporting and visualization with Deep Instinct's context and analysis
- Forwards Deep Instinct administrative events to IBM QRadar, so that administrative actions on the Deep Instinct management console can be monitored and correlated with all other events

Extension Download
The Deep Instinct Extension v2.1 for QRadar can be downloaded from:
https://exchange.xforce.ibmcloud.com/hub/extension/preview/2e6368c3ecc891bca5bf93f9a14fe1f2/2.1.0
This extension is compatible with Deep Instinct v2.1.

Extension Installation
This section describes how to install the Deep Instinct extension in QRadar.
1. Log in to the QRadar web UI.
2. Go to the Admin tab.
3. Under System Configuration, click Extensions Management.
4. The Extensions Management window opens.
5. Click Add.
6. Browse to the extension file downloaded from IBM X-Force Exchange.
7. Click Add and make sure Install immediately is selected.
8. The extension goes through a short validation and is then installed.
9. Review the content to be installed, make sure Overwrite is selected, and approve. Overwrite replaces any items already present under the same names (for example the custom event properties or the log source extension from an earlier version) with the versions shipped in this extension.
Log Source
This section describes how to define the Deep Instinct D-Appliance as a log source.
1. In the QRadar web UI, go to the Admin tab and click Log Sources.
2. The Log Sources window opens.
3. Click the New button in the toolbar.
4. Fill in the D-Appliance details as follows:
a. Log Source Name: a name that lets the D-Appliance be identified easily later
b. Log Source Description: a description of the log source
c. Log Source Type: set to Deep Instinct Events
d. Protocol Configuration: make sure it is set to Syslog
e. Log Source Identifier: the D-Appliance IP address or host name. This value must match the source address or host name exactly as it appears in the syslog header sent by the D-Appliance, otherwise QRadar will not map the incoming events to this log source.
f. Log Source Extension: set to DeepInstinctEventsCustom_ext
5. Click Save, then click Deploy Changes on the Admin tab so that the new log source becomes active.
Note that plain syslog is neither authenticated nor encrypted, so the path from the D-Appliance to the QRadar event collector should be a trusted network segment.

Viewing Events
This section describes how to define a search so that Deep Instinct D-Appliance events are displayed with the most useful columns.
1. In the QRadar web UI, go to the Log Activity tab.
2. In the toolbar, click Search -> New Search.
3. Under Search Parameters:
a. Select the Log Source [Indexed] parameter
b. Select the Equals operator
c. Select the Deep Instinct log source defined above
4. Select the columns to display as follows:
a. Event Name
b. Log Source
c. Event Count
d. Start Time
e. Category
f. Source Host Name (custom)
g. Source IP
h. Source MAC
i. ObjectType (custom)
j. File Path (custom)
k. File Hash (custom)
l. Username
m. Message (custom)
5. Click the Filter button.
6. Review the search result (the original guide shows an example screenshot here).
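The two procedures above (defining the log source, then the Log Activity search) can also be driven from outside the web UI. The following is an added example, not code from the original guide or from Deep Instinct: it expresses the same search in QRadar's Ariel Query Language (AQL) and submits it through the QRadar Ariel REST API (POST /api/ariel/searches, poll GET /api/ariel/searches/{id} until the status is COMPLETED, then GET .../results). It also builds a parse-check query to run right after saving the log source: if events arrive but the Log Source Identifier or Log Source Extension is wrong, they surface under a generic QRadar event name instead of the Deep Instinct event names. The log source name 'Deep Instinct D-Appliance', the environment variables QRADAR_HOST and QRADAR_TOKEN, and the assumption that the custom event properties carry the same names as the columns listed above are all assumptions of this example, not facts from the guide; the sample result rows are constructed.

```python
"""Added example, not part of the original Deep Instinct/QRadar guide.

Assumptions (not from the guide): the log source was saved as
'Deep Instinct D-Appliance', the extension's custom event properties are
named like the columns above, and QRADAR_HOST / QRADAR_TOKEN are provided.
"""
import json
import os
import ssl
import time
import urllib.parse
import urllib.request

DEFAULT_LOG_SOURCE = "Deep Instinct D-Appliance"  # assumed name, see docstring

# Constructed sample rows in the shape the results endpoint returns for the
# event-view query below; they are not real QRadar or Deep Instinct output.
CONSTRUCTED_ROWS = [
    {"Event Name": "Malware Detected", "Event Count": 3, "File Hash": "a" * 64},
    {"Event Name": "Malware Detected", "Event Count": 1, "File Hash": "b" * 64},
    {"Event Name": "Unknown Event", "Event Count": 2},
]


def aql_quote(value: str) -> str:
    """Single-quoted AQL string literal; an embedded quote is doubled, so a log
    source name taken from configuration cannot alter the query text."""
    return "'" + value.replace("'", "''") + "'"


def build_parse_check_aql(log_source_name: str = DEFAULT_LOG_SOURCE, hours: int = 1) -> str:
    """Event-name distribution for the log source: run it after saving the log
    source to confirm events arrive and are parsed into Deep Instinct names."""
    return (
        "SELECT QIDNAME(qid) AS 'Event Name', CATEGORYNAME(category) AS 'Category', "
        "SUM(eventcount) AS total FROM events "
        f"WHERE LOGSOURCENAME(logsourceid) = {aql_quote(log_source_name)} "
        f"GROUP BY qid, category ORDER BY total DESC LAST {int(hours)} HOURS"
    )


def build_event_view_aql(log_source_name: str = DEFAULT_LOG_SOURCE, hours: int = 24) -> str:
    """The column set of the saved search above. Custom event properties are
    referenced in AQL by their double-quoted names."""
    columns = [
        "QIDNAME(qid) AS 'Event Name'", "LOGSOURCENAME(logsourceid) AS 'Log Source'",
        "eventcount AS 'Event Count'",
        "DATEFORMAT(starttime, 'yyyy-MM-dd HH:mm:ss') AS 'Start Time'",
        "CATEGORYNAME(category) AS 'Category'", '"Source Host Name"',
        "sourceip AS 'Source IP'", "sourcemac AS 'Source MAC'", '"ObjectType"',
        '"File Path"', '"File Hash"', "username AS 'Username'", '"Message"',
    ]
    return (
        "SELECT " + ", ".join(columns) + " FROM events "
        f"WHERE LOGSOURCENAME(logsourceid) = {aql_quote(log_source_name)} "
        f"ORDER BY starttime DESC LAST {int(hours)} HOURS"
    )


def _api(host, token, path, method="GET", verify_tls=True):
    """One authenticated call to the QRadar REST API (SEC header carries the token)."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for a lab console with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(f"https://{host}{path}", method=method,
                                 headers={"SEC": token, "Accept": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return json.load(resp)


def run_aql(host, token, aql, timeout_s=300, verify_tls=True):
    """Submit an Ariel search, poll until it finishes, return the result rows."""
    qs = urllib.parse.urlencode({"query_expression": aql})
    search = _api(host, token, f"/api/ariel/searches?{qs}", "POST", verify_tls)
    sid, deadline = search["search_id"], time.monotonic() + timeout_s
    while search["status"] not in ("COMPLETED", "CANCELED", "ERROR"):
        if time.monotonic() > deadline:
            raise TimeoutError(f"search {sid} still in state {search['status']}")
        time.sleep(2)
        search = _api(host, token, f"/api/ariel/searches/{sid}", verify_tls=verify_tls)
    if search["status"] != "COMPLETED":
        raise RuntimeError(f"search {sid} ended with status {search['status']}")
    return _api(host, token, f"/api/ariel/searches/{sid}/results", verify_tls=verify_tls)["events"]


def count_by_event_name(rows):
    """Sum 'Event Count' per 'Event Name' over event-view result rows."""
    counts = {}
    for row in rows:
        counts[row["Event Name"]] = counts.get(row["Event Name"], 0) + int(row.get("Event Count", 1))
    return counts


if __name__ == "__main__":
    host, token = os.environ.get("QRADAR_HOST"), os.environ.get("QRADAR_TOKEN")
    if host and token:
        print(json.dumps(run_aql(host, token, build_parse_check_aql()), indent=2))
        print(count_by_event_name(run_aql(host, token, build_event_view_aql())))
    else:  # offline: show the queries and the tally over the constructed rows
        print(build_parse_check_aql())
        print(build_event_view_aql())
        print(count_by_event_name(CONSTRUCTED_ROWS))
```

Both query strings can also be pasted directly into Log Activity > Search > Advanced Search; the token used with the API needs a security profile that covers the Deep Instinct log source, otherwise the search completes with no rows rather than failing.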
Resources
Importing extensions into QRadar:
https://www.ibm.com/support/knowledgecenter/ss42vs_7.2.8/com.ibm.qradar.doc/t_cmt_importing_extensions.html

About Deep Instinct
Deep Instinct is the first company to apply deep learning to cybersecurity. Leveraging deep learning's predictive capabilities, Deep Instinct's on-device, proactive solution protects against zero-day threats and APT attacks. Deep Instinct provides a comprehensive defense designed to protect against evasive unknown malware in real time across an organization's endpoints, servers, and mobile devices. Because the deep learning model identifies malware from any data source, the protection extends to any device and operating system. For more information about Deep Instinct, visit https://www.deepinstinct.com.