Now in its 5th year, Master Skills University is the premier event for sharpening your skills and deepening your knowledge of IBM Security solutions, through demos, lectures, and labs built and delivered by our top global cyber experts. You’ll also have opportunities to ask questions, connect with fellow power users from around the world, and engage one-to-one with the teams who develop, deploy, and support your IBM Security products every day.
Register here: https://www.ibm.com/training/events/msu2022
This is a draft agenda. Subject to change.
Monday, September 12
Solution Roadmap & Strategic Direction Update — Understand the strategic direction for IBM Security SOAR/XDR Connect
Tuesday, September 13
Data Explorer: Developing Custom Connectors — Learn how to build a custom federated search connector for IBM Cloud Pak for Security using STIX-shifter, an open source project under the Open Cybersecurity Alliance. STIX-shifter is a Python library that connects to and queries products that house data repositories by using STIX Patterning, and returns results as STIX Observations. This session will cover the structure and major classes of STIX-shifter, mapping fields between STIX and a target data source, translating STIX patterns into native queries, translating query results into STIX objects, how a connector communicates with the data source via APIs, and how to test a connector with STIX-shifter’s CLI commands.
SOAR: Advanced Deployment of Playbooks in IBM SOAR — Learn how to take advantage of Playbooks that suit your workflow to enrich and then contain a Case. We will delve deep into the development of Playbooks and highlight some troubleshooting tips. *It is assumed the attendee is already an expert on IBM SOAR.
Wednesday, September 14
SOAR: Building Custom Integrations with the App Host — This session will focus on how to develop, validate, and deploy complex Python apps on SOAR with Playbooks and functions running on App Host. The session will cover the SOAR Python tools available for developing apps, what a container is for App Host and how to build and deploy one, and much, much more!
From SOAR To CP4S - How To Migrate: The Cookbook From SEL — This session covers an overview of the end-to-end migration steps for SaaS and non-SaaS customers, and the steps used by the SEL consultant using the migration script to migrate data from SOAR to CP4S. We will also have a live demo of data migration from a non-SaaS SOAR to a non-SaaS CP4S.
SOAR: The Evolution - from Workflow to Playbook Designer — In this session, the audience will learn the concept of the New Playbook Design, how to move existing playbooks composed of Rules, Scripts, Workflows, and functions to a single Playbook, and the advantages and simplicity of this design, which opens more possibilities to organize and reuse components in a simpler way. We will also explore the new function enrichment for artifacts and the different possibilities to push results for Analyst view.
Thursday, September 15
Threat Investigator: Technical Deep Dive — This session will focus on the Threat Investigator application, which performs automatic case investigations. This session will cover configuration, how to interpret the investigation results, and how to take action based on the findings. It will also cover how the investigation is performed and the prerequisites for an effective investigation.
Threat Intelligence Insights: Technical Deep Dive — Deep dive into the creation and dissemination of threat intel, from incident response to content creation. We will then demo troubleshooting techniques with the Threat Intelligence Insights (TII) app and Threat Intel Service (TIS) on the CP4S platform.
Troubleshooting Best Practices — Learn the best practices and things to look for when troubleshooting common issues and notifications on your SIEM/XDRC solution.
From QRadar SIEM Offenses To SOAR Cases — This session teaches the complete steps on how to configure, set up, and troubleshoot the SOAR extension on QRadar to ingest offenses and create cases. It will also show you what configuring multiple QRadar instances could look like.