Enhanced Cyber Resilience Threat Detection with IBM FlashSystem Safeguarded Copy and IBM QRadar

Blueprint


Published on August 13, 2021, updated October 15, 2021


ISBN-10: 0738459879
ISBN-13: 9780738459875
IBM Form #: REDP-5655-00


Authors: IBM Storage


Abstract

This document demonstrates early threat detection by using IBM® QRadar® together with the Safeguarded Copy feature that is available as part of IBM FlashSystem® and IBM SAN Volume Controller. Such early detection protects the data and enables quick recovery if a cyberattack occurs.

This document describes how to integrate IBM FlashSystem audit logs with IBM QRadar, and the configuration steps that are required on IBM FlashSystem and IBM QRadar. It also explains how to use the IBM QRadar device support module (DSM) editor to normalize events and to assign IBM QRadar identifier (QID) map entries to those events.

After the IBM QRadar configuration, we review how to configure Safeguarded Copy on the application volumes by using volume groups, and how to apply Safeguarded backup policies to the volume group.

Finally, we demonstrate how the IBM Copy Services Manager orchestration software is used to start a recovery, to run restore operations that restore data onto online volumes, and to start a backup of the data volumes.

Table of Contents

Introduction
Executive summary
Scope
Introduction
Safeguarded Copy feature
IBM QRadar
Prerequisites
Solution overview
Control path use cases
Data path use case
Lab setup
Custom log source
IBM QRadar sample rules
Custom actions
Summary
Acknowledgment
Appendix A
Resources
