Security Orchestration, Automation & Response Platform

SOFTWARE INSTALLATION GUIDE v33

Licensed Materials – Property of IBM

© Copyright IBM Corp. 2010, 2019. All Rights Reserved.

US Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. acknowledgment

Resilient Security Orchestration, Automation and Response Platform

Software Installation Guide

Platform Version: 33.0

Publication: June 2019

Notes: Initial publication.

Contents

Chapter 1. Introduction
    MSSP add-on

Chapter 2. Prerequisites

Chapter 3. Deployment
    Importing the Resilient license

Chapter 4. Setting the time zone

Chapter 5. SSL certificate
    Creating and submitting the certificate request
    Importing the signed certificate

Chapter 6. Accounts and additional configuration
    Accounts and groups
    Creating the initial Resilient user account
    LDAP authentication
    SAML authentication
    Two-factor authentication
    Add additional user accounts
    Importing untrusted certificates

Chapter 7. Network configuration

Chapter 8. Log file configuration

Chapter 9. Email configuration
    Email security – defanging URLs

Chapter 10. Changing ciphers and protocols

Chapter 11. Manage Resilient services

Chapter 12. KeyVaults
    Storage format, location and key
    Configuration options
    Encrypting the KeyVault password
    KeyVault backup
    Secrets

Chapter 13. Configuring maximum image size

Chapter 14. Resilient audit logs
    Configuring syslog
    Configuring audit logging

Chapter 15. Backup and restore

Chapter 16. Upgrade Procedure

Chapter 1. Introduction

Based on a knowledgebase of incident response best practices, industry standard frameworks, and regulatory requirements, the Resilient SOAR Platform makes incident response efficient and compliant.

There are three variations of the Resilient platform:

• Standalone installed on a Red Hat Enterprise Linux (RHEL) server (this package)

• Standalone installed on a FIPS compliant RHEL server

• VMware package installed on a RHEL host

You cannot upgrade from one variation to another, or install different variations on the same system.

MSSP add-on

The Resilient for Managed Security Service Providers (MSSP) add-on, licensed separately, is an optional feature that allows you to manage multiple Resilient child organizations from a single global dashboard. Each child organization can be assigned to a different group, division, or company to meet their incident response requirements.

Many of the administrative procedures remain the same; however, you manage the administrative settings in the configuration organization. If you have the MSSP add-on, you need to use the MSSP Add-on Configuration Guide to configure and manage the MSSP add-on components.

Important: If you are configuring Resilient for an MSSP deployment, you do not need to create a regular Resilient organization, as described in this guide. In addition, do not configure LDAP, as it is not currently supported for Resilient for MSSP.

Use the Resilient for MSSPs add-on deployment overview for a description of how to install and configure Resilient for MSSP.
