Securing IBM Spectrum Scale with QRadar and IBM Cloud Pak for Security

Blueprint


Published on 17 December 2021, updated 20 December 2021


ISBN-10: 0738460141
ISBN-13: 9780738460147
IBM Form #: REDP-5666-00


Authors: IBM


    Abstract

    Cyberattacks are likely to remain a significant risk for the foreseeable future. Attacks on organizations can be external and internal. Investing in technology and processes to prevent these cyberattacks is the highest priority for these organizations. Organizations need well-designed procedures and processes to recover from attacks.

    The focus of this document is to demonstrate how the IBM® Unified Data Foundation (UDF) infrastructure plays an important role in delivering persistent storage (PV) to containerized applications, such as IBM Cloud® Pak for Security (CP4S), by using IBM Spectrum® Scale Container Native Storage Access (CNSA) that is deployed with the IBM Spectrum Scale CSI driver, and IBM FlashSystem® storage with the IBM block storage CSI driver. Also demonstrated is how this UDF infrastructure can be used as a preferred storage class to create back-end persistent storage for CP4S deployments.

    We also highlight how the file I/O events are captured in IBM QRadar® and offenses are generated based on predefined rules. After the offenses are generated, we show how the cases are automatically generated in IBM Cloud Pak® for Security by using the IBM QRadar SOAR Plugin, with a manually automated method to log a case in IBM Cloud Pak for Security.

    This document also describes the processes that are required for the configuration and integration of the components in this solution, such as:

    • Integration of IBM Spectrum Scale with QRadar
    • QRadar integration with IBM Cloud Pak for Security
    • Integration of the IBM QRadar SOAR Plugin to generate automated cases in CP4S.

    Finally, this document shows the use of IBM Spectrum Scale CNSA and IBM FlashSystem storage that uses the IBM block CSI driver to provision persistent volumes for CP4S deployment. All models of the IBM FlashSystem family are supported by this document, including:

    • FlashSystem 9100 and 9200
    • FlashSystem 7200 and FlashSystem 5000 models
    • FlashSystem 5200
    • IBM SAN Volume Controller
    • All storage that is running IBM Spectrum Virtualize software

    Table of Contents

    About this document

    Executive summary

    Scope

    Use case

    Unified Data Foundation overview

    Lab architecture

    Lab setup

    Configuring LDAP for CP4S users

    Configuring domain name for CP4S

    Configuring required TLS certificates for CP4S

    Configuring CP4S on IBM Spectrum SCALE CNSA, StorageClass

    Configuring QRadar with LDAP

    Integrating IBM CP4S with IBM QRadar

    Integrating IBM CP4S with IBM QRadar, Proxy

    Enabling IBM Spectrum Scale logs forwarding

    Configuring IBM Spectrum Scale log source in QRadar

    Configuring IBM QRadar SOAR Plugin

    Defining a reference set in QRadar

    Defining rules in QRadar

    Demonstration use case

    Summary

    Appendix A

    Appendix B

     
