How to use IBM Cloud Pak System logs, in real time, to alert your Security Operations Center in case of a security incident

Has your Security Operations Center already asked to be alerted in real time in case of a security incident on your IBM Cloud Pak System machine?

If so, you probably answered this request by giving access to the Events web page on the IBM Cloud Pak System console, as in the picture below:

Usually, this is not the answer your Security Operations Center expects, because a web page cannot be integrated into their monitoring tool.

IBM Expert Labs developed a real-time solution based on IBM Cloud Pak System logs. It has a generic part, which collects the logs, and a specific part, which does the smart processing of the logs to meet the Security Operations Center's requirements.

You can implement the generic part on your IBM Cloud Pak System by following this article: https://community.ibm.com/community/user/storage/blogs/jean-christophe-marcandella/2021/08/23/how-to-split-ibm-cloud-pak-system-logs

For the specific part, feel free to develop it yourself or to contact your IBM Expert Labs representative.
