Enhanced Cyber Security with IBM Spectrum Scale and IBM QRadar

An IBM Redpaper publication

Published 23 September 2019

ISBN-10: 0738458015
ISBN-13: 9780738458014
IBM Form #: REDP-5560-00
(44 pages)

Authors: Boudhayan Chakrabarty, Praphullachandra Sharad Mujumdar, Smita J. Raut, Sandeep R. Patil

Abstract

Having appropriate storage for hosting business-critical data and advanced Security Information and Event Management (SIEM) software for deep inspection, detection, and prioritization of threats has become a necessity for any business. This IBM® Redpaper publication explains how the storage features of IBM Spectrum® Scale, combined with the log analysis, deep inspection, and detection of threats provided by IBM QRadar®, help reduce the impact of incidents on business data. Such integration provides an excellent platform for hosting unstructured business data that is subject to regulatory compliance requirements.

This paper describes how IBM Spectrum Scale file audit logging can be integrated with IBM QRadar. Using QRadar, an administrator can monitor, inspect, detect, and derive insights for identifying potential threats to the data stored on IBM Spectrum Scale. When the threats are identified, you can quickly act on them to mitigate or reduce the impact of incidents.

This paper is intended for chief technology officers, solution engineers, security architects, and systems administrators.

NOTE: This paper assumes a basic understanding of IBM Spectrum Scale, IBM QRadar, and their administration.

Table of contents

IBM Spectrum Scale and IBM QRadar
Introduction to IBM Spectrum Scale
Introduction to IBM QRadar
IBM QRadar with IBM Spectrum Scale: Identify threats to data and take action on potential incidents
Environment
Setup
IBM Spectrum Scale cluster configuration
Configure IBM Spectrum Scale File Audit Logging
Understanding file audit logging: log file layout and log entries
Sending file audit logging events to IBM QRadar
Configure IBM QRadar to process IBM Spectrum Scale File Audit Log events
Creating the rules in IBM QRadar
Rule 1
Rule 2
Rule 3
Conclusion
Related Publications
Authors
Now you can become a published author, too
Stay connected to IBM Redbooks
