Lecture on IBM Security Curam Platform Overview

Jun 22, 2024

Introduction

  • Speaker: PR
  • Focus: Back-end CLI and UI of IBM's security platform

Back-End CLI Overview

Operating System

  • Uses Red Hat Enterprise Linux server release 7.9
  • A custom partition layout is created for the software installation, using a file downloadable from IBM Fix Central
  • Partitions are created automatically when deploying from a UHA file on an ESX server

SSL Certificate Generation

  • Command: S Rec for Certificate request
  • Requires sudo access
  • Fully Qualified Domain Name: example.com
  • Subject Alternative Name (SAN): IP address of the lab machine (192.168.0.1)
  • Generates Certificate Signing Request (CSR)
  • The CSR is written to a specified location and can be inspected with the OpenSSL command
  • Adding SANs avoids hostname or IP address mismatch errors when integrating with other systems
  • Mandatory fields for the CSR include company name and organizational unit
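As an added example (not from the lecture), the CSR described above is generated and checked with OpenSSL: the FQDN and lab IP from the notes go into the SAN, the company name and organizational unit are assumed placeholder values, and a temporary directory stands in for the platform's CSR location; it assumes the openssl binary is installed.

```shell
#!/bin/sh
# Generate a CSR whose Subject Alternative Name carries both the FQDN and the
# lab IP, then verify the SAN entries before the CSR is handed to a CA.
set -eu

CSR_DIR="${CSR_DIR:-$(mktemp -d)}"   # assumption: any writable dir stands in for the platform's CSR location
FQDN="example.com"                   # FQDN from the lecture notes
LAB_IP="192.168.0.1"                 # SAN IP from the lecture notes

# Minimal OpenSSL config: the mandatory DN fields (placeholder values) plus
# a request-extension section that carries the SAN entries.
write_csr_config() {
    cat > "$CSR_DIR/csr.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[ dn ]
C  = US
O  = Example Corp
OU = Security Operations
CN = $FQDN

[ v3_req ]
subjectAltName = DNS:$FQDN, IP:$LAB_IP
EOF
}

# Create a fresh RSA key and the CSR from the config above.
make_csr() {
    write_csr_config
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$CSR_DIR/server.key" -out "$CSR_DIR/server.csr" \
        -config "$CSR_DIR/csr.cnf" 2>/dev/null
}

# Print the SAN line of the CSR (the line following the extension header).
csr_san() {
    openssl req -in "$CSR_DIR/server.csr" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1
}

# Succeed only if both the FQDN and the lab IP are present in the SAN;
# a CSR missing either would reproduce the mismatch the notes warn about.
check_san() {
    san=$(csr_san)
    case "$san" in
        *"DNS:$FQDN"*"IP Address:$LAB_IP"*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `make_csr && check_san` and submit `$CSR_DIR/server.csr` only if the check passes.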

User Creation

  • Commands use the utility R util
  • Requires sudo permission
  • Use the help command together with grep to find the options for a specific task
  • The new user command creates users and organizations
  • Parameters include: organization flag, email, first name, last name

UI Overview

Dashboard

  • Product name and host information are shown in the UI
  • Landing page: Activity Dashboard with Newsfeed
  • Filters for specific activities (e.g., attachments, modifications)
  • Direct links to IBM documentation and API tools

User Tasks and Incidents

  • Tasks are generated for incidents in different phases (e.g., detect, analyze)
  • Tasks can be assigned to individuals or groups
  • Filtering and managing tasks
  • Inbox for creating cases from emails
  • Artifacts: indicators such as DNS names and email addresses found during investigations

Incident Management

  • Incident tab to view all incidents with filters for status, type, etc.
  • Filter customization
  • Presets for saved searches
  • Create incident from UI

Notifications and Playbooks

  • Customizable notifications
  • Playbooks for automation and integrations
  • No playbooks enabled by default
  • Dedicated sessions for creating playbooks

Administrator Settings

  • Dedicated sessions cover user groups, rules and workspaces in detail
  • Organizations: Details and editing commands
  • Session timeout customization
  • New incident wizard and incident tab customization
  • Rules & Workflows vs. Playbook Designer

Search Functionality

  • Customizable search filters across incidents, tasks, artifacts, nodes, attachments
  • Search results can be quick-filtered, and each result links directly to its details

Conclusion

  • Summary of UI and CLI features
  • Details on hands-on sessions for deeper understanding
  • Notes on which sections are deliberately left for upcoming sessions