I look forward to co-presenting along with my colleague, Md Saroer-E Azam, at IBM TechXchange Conference 2023 at the MGM Grand in Las Vegas. We will be running a hands-on-lab on STIX-Shifter, an open-source project under the Open Cybersecurity Alliance. This is a Python library that uses STIX patterning to search across multiple security products and data stores, returning results as STIX Observations. STIX-Shifter connectors facilitate federated search in the IBM Security QRadar Suite platform. This allows customers to use their existing security products, keep their data in place, and search it using a unified query and results format.
This comprehensive session explores the main classes and structure of STIX-Shifter, the process of mapping STIX properties to target data source fields, translation of STIX patterns into native queries, and converting query results into STIX objects. Further, it examines the API-based communication between a connector and the data source, along with illustrating the usage of STIX-Shifter's CLI commands for connector testing. Finally, we will dive into the process of building a custom data connector.
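To make the two translation steps above concrete (STIX pattern to native query via a field mapping, and native result rows back to STIX observations), here is a small added example in Python. It is not STIX-Shifter's own code or mapping format: the `FROM_STIX_MAP` / `TO_STIX_MAP` dictionaries, the SQL-like target query syntax, the single-observation pattern grammar it accepts, and the placeholder identity id are all assumptions constructed for this illustration.

```python
import re
from typing import Dict, List

# Constructed mapping: one STIX property may fan out to several target fields
# (an IP in a pattern should match either end of a flow). Not STIX-Shifter's format.
FROM_STIX_MAP: Dict[str, List[str]] = {
    "ipv4-addr:value": ["sourceip", "destinationip"],
    "url:value": ["url"],
    "user-account:user_id": ["username"],
}
# Constructed reverse mapping: target field -> (STIX object type, property).
TO_STIX_MAP = {
    "sourceip": ("ipv4-addr", "value"),
    "destinationip": ("ipv4-addr", "value"),
    "url": ("url", "value"),
    "username": ("user-account", "user_id"),
}

# One comparison: <type>:<property> <op> '<value>'. Values containing a quote
# are deliberately rejected rather than spliced into the native query.
COMPARISON_RE = re.compile(r"([a-z0-9-]+:[a-z_.]+)\s*(=|!=|LIKE)\s*'([^']*)'")


def translate_pattern(pattern: str) -> str:
    """Translate a single bracketed STIX observation expression, e.g.
    [ipv4-addr:value = '10.0.0.5' AND url:value LIKE '%login%'],
    into a SQL-style WHERE clause using FROM_STIX_MAP."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected a bracketed observation expression")
    # Split on top-level AND/OR, keeping the operator tokens. (Simplification:
    # an AND/OR inside a quoted value would be split too; a real parser tokenises.)
    tokens = re.split(r"\s+(AND|OR)\s+", body[1:-1])
    out: List[str] = []
    for tok in tokens:
        if tok in ("AND", "OR"):
            out.append(tok)
            continue
        m = COMPARISON_RE.fullmatch(tok.strip())
        if not m:
            raise ValueError(f"unsupported comparison: {tok!r}")
        stix_prop, op, value = m.groups()
        fields = FROM_STIX_MAP.get(stix_prop)
        if fields is None:
            raise ValueError(f"no mapping for STIX property {stix_prop}")
        # Equality over several fields is "any field matches"; inequality is "no field matches".
        joiner = " AND " if op == "!=" else " OR "
        clause = joiner.join(f"{f} {op} '{value}'" for f in fields)
        out.append(f"({clause})" if len(fields) > 1 else clause)
    return " ".join(out)


def results_to_stix(rows: List[Dict], identity_id: str = "identity--PLACEHOLDER") -> Dict:
    """Convert native result rows into a STIX bundle of observed-data objects.
    Each mapped, non-empty field becomes one cyber-observable in `objects`;
    unmapped fields (e.g. byte counts) are dropped. identity_id is a placeholder."""
    observations = []
    for row in rows:
        objects: Dict[str, Dict] = {}
        for field, value in row.items():
            if field not in TO_STIX_MAP or value in (None, ""):
                continue
            stix_type, prop = TO_STIX_MAP[field]
            objects[str(len(objects))] = {"type": stix_type, prop: value}
        observations.append({
            "type": "observed-data",
            "created_by_ref": identity_id,
            "number_observed": 1,
            "objects": objects,
        })
    return {"type": "bundle", "objects": observations}


if __name__ == "__main__":
    query = translate_pattern("[ipv4-addr:value = '10.0.0.5' AND url:value LIKE '%login%']")
    print(query)
    # Constructed sample row, standing in for what a data source API would return.
    sample_rows = [{"sourceip": "10.0.0.5", "destinationip": "203.0.113.7",
                    "url": "http://example.test/login", "bytes": 512}]
    print(results_to_stix(sample_rows))
```

The point to notice is that the mapping file, not the translator, decides how a STIX property is interpreted on the target (here one IP property fans out to two flow fields), and that the reverse mapping is what makes results from different products comparable once they are all expressed as STIX observables.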
Here are some more details on our lab:
Session Title: A Deep Dive into IBM QRadar Suite with Custom Federated Search Connectors
Session ID: 1647
Topic: Threat Management
Date / Time: Mon, September 11th, 10:15 AM - 11:45 AM PDT
Location: MGM Grand Las Vegas, Boulevard 168, Level 1
What you will learn:
1. Learn how STIX-Shifter uses data-mapping to enable federated search in IBM QRadar Suite.
2. Get hands-on experience with the STIX-Shifter CLI tools for running searches against external data sources.
3. Try your hand at building your own custom connector.
Make sure you register for the TechXchange Conference, Sept 11 to Sept 14, in Las Vegas.