Early Threat Detection and Safeguarding Data with IBM QRadar and IBM Copy Services Manager on IBM DS8000

Blueprint


Published on 04 March 2022, updated 21 April 2022


ISBN-10: 0738460400
ISBN-13: 9780738460406
IBM Form #: REDP-5677-00


Authors: IBM


    Abstract

    The focus of this blueprint is to highlight early threat detection by IBM® QRadar® and to proactively start a cyber resilience workflow in response to a cyberattack or malicious user actions.

    The workflow uses IBM Copy Services Manager (CSM) as orchestration software to start IBM DS8000® Safeguarded Copy functions. The Safeguarded Copy creates an immutable copy of the data in an air-gapped form on the same DS8000 system for isolation and eventual quick recovery.

    This document also explains the steps that are involved to enable and forward IBM DS8000 audit logs to IBM QRadar.

    It also discusses how to create various rules to determine a threat, and how to configure and start a suitable response to the detected threat in IBM QRadar.

    Finally, this document explains how to register a storage system and create a Scheduled Task by using CSM.

    Table of Contents

    Executive summary

    Scope

    Introduction

    Prerequisites

    Solution overview

    Lab setup

    Summary

    Appendix A

     
