I look forward to co-presenting along with my colleague, Md Saroer-E Azam, at IBM TechXchange Conference 2023 at the MGM Grand in Las Vegas. We will be running a hands-on-lab on STIX-Shifter, an open-source project under the Open Cybersecurity Alliance. This is a Python library that uses STIX patterning to search across multiple security products and data stores, returning results as STIX Observations. STIX-Shifter connectors facilitate federated search in the IBM Security QRadar Suite platform. This allows customers to use their existing security products, keep their data in place, and search it using a unified query and results format.

This comprehensive session explores the main classes and structure of STIX-Shifter, the process of mapping STIX properties to target data source fields, translation of STIX patterns into native queries, and converting query results into STIX objects. Further, it examines the API-based communication between a connector and the data source, along with illustrating the usage of STIX-Shifter's CLI commands for connector testing. Finally, we will dive into the process of building a custom data connector.

Here are some more details on our lab:

Session Title: A Deep Dive into IBM QRadar Suite with Custom Federated Search Connectors

Session ID: 1647

Topic: Threat Management

Date / Time: Mon, September 11^th, 10:15 AM - 11:45 AM PDT

Location: MGM Grand Las Vegas, Boulevard 168, Level 1

What you will learn:

1.   Learn how STIX-Shifter uses data-mapping to enable federated search in IBM QRadar Suite.

2.   Get hands-on experience with the STIX-Shifter CLI tools for running searches against external data sources.

3.   Try your hand at building you own custom connector.

Make sure you register for the: TechXchange Conference from Sept 11-Sept 14th in Las Vegas.