TechXchange Conference 2023 Security Track - Labs for Threat Management

By Wendy Batten posted Thu July 06, 2023 01:05 PM


We know that you have been eagerly awaiting more details on the technical content planned for the upcoming IBM TechXchange Conference 2023, happening in Las Vegas September 11-14. Here is a preview of some of the labs we are planning. Please note that the titles and lab descriptions are still being refined, but this gives you a sense of what is coming.


Register today for the first TechXchange event for technologists using IBM products and solutions. Also, save $300 with early bird pricing if you register before July 21st. See you there!


Track: Labs – Security Threat Management Advanced

Integrating and Monitoring Cloud Platforms and Services using QRadar
Securing the cloud environment is becoming a bigger challenge for every security team. Walk through integrating a cloud platform and its services into the IBM Security QRadar Suite in order to gain unprecedented visibility across both on-prem and cloud environments, all in one pane of glass.

Security with NTA/NDR
QRadar Network Insights provides in-depth analysis of both network metadata and application content to detect suspicious activity hidden among normal traffic, and extracts content to give QRadar visibility into network threat activity.

Advanced Log Handling using Rsyslog
Experience how rsyslog addresses issues with syslog log sources commonly seen in QRadar SIEM and now QRadar Log Insights deployments. The issues covered in this lab will enable participants to filter out unwanted events, fix broken syslog headers, rewrite and modify events, and route events to multiple destinations, optionally with rate limiting.

IBM QRadar Advanced Tuning
A well-tuned system improves efficiency and keeps the focus on what is important. Learn how to improve your network hierarchy, minimize false positives using network host definitions, and add assets. Learn how to investigate and tune a noisy rule. Finally, add an index to improve how the QRadar Deployment Intelligence app monitors your system health.

Performing Your Threat Hunting with Kestrel
In this lab, you will learn how to leverage our platform's ability to traverse your entire infrastructure using the single unified language of our User Analyst Experience, for the purpose of going from defense to offense.

SOAR: Calling Your First Ansible Script from a SOAR Playbook
In this lab, you will learn just how possible it is to bring your organizational silos together under the premise that security is everyone's responsibility. You will learn to call your first Ansible playbook from within the SOAR platform, giving your IT Operations tools security context.

Track: Labs – Security Threat Management Intermediate

Building UAX Federated Search Connectors in QRadar Suite
Learn how to build a custom federated search connector for IBM Security QRadar Suite using STIX-shifter, an open source project under the Open Cybersecurity Alliance. STIX-shifter is a Python library that connects to and queries products that house data repositories using STIX Patterning, and returns results as STIX Observations. This session will cover the structure and major classes of STIX-shifter, mapping fields between STIX and a target data source, translating STIX patterns into native queries, translating query results into STIX objects, how a connector communicates with the data source via APIs, and how to test a connector with STIX-shifter's CLI commands.

Understanding the Fundamentals of Playbook Building
New to building Playbooks? Still using the old Workflows? This lab will establish the similarities and differences between the old Workflows and the new Playbooks model. We will discuss how to make complex SOP-style and simple automation-style playbooks so that you will be ready to build new playbooks or start converting your existing ones. Quickly build new scripts, utilize functions, add tasks for your analysts to complete, and more as we build the fundamental knowledge of automations.

SOAR: Configuring the QRadar SOAR Plugin
Now that you have all of the telemetry and visibility into your threat and its behavior, have you ever stopped to ask yourself: "What do I do about it?" In this session we will help you configure the connective tissue that brings our SIEM and SOAR together, allowing you to complete the life cycle of your incident response triage from end to end.

Better Together: QRadar SIEM + SOAR + EDR End to End
In this lab, you will learn how to bring our portfolio together in a very simple yet holistic way, allowing you to unlock the endless possibilities for solving threats from end to end when we are better together.

How to Fight Fraud
- Trustboard
- How to fight fraud with offline investigation
- How to fight fraud in real time (web, mobile)
- SOAR integration: how to automate the response

Mobile Threat Mgmt and Mobile Threat Defense (QRadar & Zscaler Integration)
In this instructor-led lab you will learn best practices for deploying iOS, Android and Windows devices, distributing applications, enforcing policy compliance, and protecting devices from advanced mobile threats.

Make sure you register: TechXchange Conference, September 11-14 in Las Vegas.
