About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Published on 13 August 2021, updated 15 October 2021
Read in Google Books
Share this page:
ISBN-10: 0738459879
ISBN-13: 9780738459875
IBM Form #: REDP-5655-00
Authors: IBM Storage
Abstract
The focus of this document is to demonstrate an early threat detection by using IBM® QRadar® and the Safeguarded Copy feature that is available as part of IBM FlashSystem® and IBM SAN Volume Controller. Such early detection protects and quickly recovers the data if a cyberattack occurs.
This document describes integrating IBM FlashSystem audit logs with IBM QRadar, and the configuration steps for IBM FlashSystem and IBM QRadar. It also explains how to use the IBM QRadar’s device support module (DSM) editor to normalize events and assign IBM QRadar identifier (QID) map to the events.
Post IBM QRadar configuration, we review configuring Safeguarded Copy on the application volumes by using volume groups and applying Safeguarded backup polices on the volume group.
Finally, we demonstrate the use of orchestration software IBM Copy Services Manager to start a recovery, restore operations for data restoration on online volumes, and start a backup of data volumes.
Table of Contents
Introduction
Executive summary
Scope
Introduction
Safeguarded Copy feature
IBM QRadar
Prerequisites
Solution overview
Control path use cases
Data path use case
Lab setup
Custom log source
IBM QRadar sample rules
Custom actions
Summary
Acknowledgment
Appendix A
Resources