Cyberattacks are likely to remain a significant risk for the foreseeable future. Attacks on organizations can be external and internal. Investing in technology and processes to prevent these cyberattacks is the highest priority for these organizations. Organizations need well-designed procedures and processes to recover from attacks.
The focus of this document is to demonstrate how the IBM® Unified Data Foundation (UDF) infrastructure plays an important role in delivering the persistence storage (PV) to containerized applications, such as IBM Cloud® Pak for Security (CP4S), with IBM Spectrum® Scale Container Native Storage Access (CNSA) that is deployed with IBM Spectrum scale CSI driver and IBM FlashSystem® storage with IBM Block storage driver with CSI driver. Also demonstrated is how this UDF infrastructure can be used as a preferred storage class to create back-end persistent storage for CP4S deployments.
We also highlight how the file I/O events are captured in IBM QRadar® and offenses are generated based on predefined rules. After the offenses are generated, we show how the cases are automatically generated in IBM Cloud Pak® for Security by using the IBM QRadar SOAR Plugin, with a manually automated method to log a case in IBM Cloud Pak for Security.
This document also describes the processes that are required for the configuration and integration of the components in this solution, such as:
Finally, this document shows the use of IBM Spectrum Scale CNSA and IBM FlashSystem storage that uses IBM block CSI driver to provision persistent volumes for CP4S deployment. All models of IBM FlashSystem family are supported by this document, including:
About this document
Unified Data Foundation overview
Configuring LDAP for CP4S users
Configuring domain name for CP4S
Configuring required TLS certificates for CP4S
Configuring CP4S on IBM Spectrum SCALE CNSA, StorageClass
Configuring QRadar with LDAP
Integrating IBM CP4S with IBM QRadar
Integrating IBM CP4S with IBM QRadar, Proxy
Enabling IBM Spectrum Scale logs forwarding
Configuring IBM Spectrum Scale log source in QRadar
Configuring IBM QRadar SOAR Plugin
Defining a reference set in QRadar
Defining rules in QRadar
Demonstration use case