Verfügbarkeit: Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager

Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager:

The focus of this document is to highlight early threat detection by using Splunk Enterprise and proactively start a cyber resilience workflow in response to a cyberattack or malicious user action. The workflow uses IBM® Copy Services Manager (CSM) as orchestration software to invoke the IBM FlashSy...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Beteiligte Personen:	Kantak, Hemant (VerfasserIn), Shingornikar, Shashank (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	Englisch
Veröffentlicht:	[Poughkeepsie, New York] IBM Redbooks [2022]
Ausgabe:	[First edition].
Schlagwörter:	Enterprise resource planning Management information systems Electronic data processing Data mining Big data Progiciels de gestion intégrés Systèmes d'information de gestion Exploration de données (Informatique) Données volumineuses
Links:	https://learning.oreilly.com/library/view/-/9780738460970/?ar
Zusammenfassung:	The focus of this document is to highlight early threat detection by using Splunk Enterprise and proactively start a cyber resilience workflow in response to a cyberattack or malicious user action. The workflow uses IBM® Copy Services Manager (CSM) as orchestration software to invoke the IBM FlashSystem® storage Safeguarded Copy function, which creates an immutable copy of the data in an air-gapped form on the same IBM FlashSystem Storage for isolation and eventual quick recovery. This document explains the steps that are required to enable and forward IBM FlashSystem audit logs and set a Splunk forwarder configuration to forward local event logs to Splunk Enterprise. This document also describes how to create various alerts in Splunk Enterprise to determine a threat, and configure and invoke an appropriate response to the detected threat in Splunk Enterprise. This document explains the lab setup configuration steps that are involved in configuring various components like Splunk Enterprise, Splunk Enterprise config files for custom apps, IBM CSM, and IBM FlashSystem Storage. The last steps in the lab setup section demonstrate the automated Safeguarded Copy creation and validation steps. This document also describes brief steps for configuring various components and integrating them. This document demonstrates a use case for protecting a Microsoft SQL database (DB) volume that is created on IBM FlashSystem Storage. When a threat is detected on the Microsoft SQL DB volume, Safeguarded Copy starts on an IBM FlashSystem Storage volume. The Safeguarded Copy creates an immutable copy of the data, and the same data volume can be recovered or restored by using IBM CSM. This publication does not describe the installation procedures for Splunk Enterprise, Splunk Forwarder for IBM CSM, th Microsoft SQL server, or the IBM FlashSystem Storage setup. It is assumed that the reader of the book has a basic understanding of system, Windows, and DB administration; storage administration; and has access to the required software and documentation that is used in this document.
Umfang:	1 Online-Ressource (42 Seiten) illustrations
ISBN:	9780738460970 0738460974

Internformat

MARC


LEADER	00000cam a22000002 4500
001	ZDB-30-ORH-083658696
003	DE-627-1
005	20240228121857.0
007	cr uuu---uuuuu
008	230111s2022 xx \|\|\|\|\|o 00\| \|\|eng c
020			\|a 9780738460970 \|c electronic bk. \|9 978-0-7384-6097-0
020			\|a 0738460974 \|c electronic bk. \|9 0-7384-6097-4
035			\|a (DE-627-1)083658696
035			\|a (DE-599)KEP083658696
035			\|a (ORHE)9780738460970
035			\|a (DE-627-1)083658696
040			\|a DE-627 \|b ger \|c DE-627 \|e rda
041			\|a eng
082	0		\|a 658.4/038011 \|2 23/eng/20221220
100	1		\|a Kantak, Hemant \|e VerfasserIn \|4 aut
245	1	0	\|a Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager \|c by Hemant Kantak, Shashank Shingornikar
250			\|a [First edition].
264		1	\|a [Poughkeepsie, New York] \|b IBM Redbooks \|c [2022]
300			\|a 1 Online-Ressource (42 Seiten) \|b illustrations
336			\|a Text \|b txt \|2 rdacontent
337			\|a Computermedien \|b c \|2 rdamedia
338			\|a Online-Ressource \|b cr \|2 rdacarrier
520			\|a The focus of this document is to highlight early threat detection by using Splunk Enterprise and proactively start a cyber resilience workflow in response to a cyberattack or malicious user action. The workflow uses IBM® Copy Services Manager (CSM) as orchestration software to invoke the IBM FlashSystem® storage Safeguarded Copy function, which creates an immutable copy of the data in an air-gapped form on the same IBM FlashSystem Storage for isolation and eventual quick recovery. This document explains the steps that are required to enable and forward IBM FlashSystem audit logs and set a Splunk forwarder configuration to forward local event logs to Splunk Enterprise. This document also describes how to create various alerts in Splunk Enterprise to determine a threat, and configure and invoke an appropriate response to the detected threat in Splunk Enterprise. This document explains the lab setup configuration steps that are involved in configuring various components like Splunk Enterprise, Splunk Enterprise config files for custom apps, IBM CSM, and IBM FlashSystem Storage. The last steps in the lab setup section demonstrate the automated Safeguarded Copy creation and validation steps. This document also describes brief steps for configuring various components and integrating them. This document demonstrates a use case for protecting a Microsoft SQL database (DB) volume that is created on IBM FlashSystem Storage. When a threat is detected on the Microsoft SQL DB volume, Safeguarded Copy starts on an IBM FlashSystem Storage volume. The Safeguarded Copy creates an immutable copy of the data, and the same data volume can be recovered or restored by using IBM CSM. This publication does not describe the installation procedures for Splunk Enterprise, Splunk Forwarder for IBM CSM, th Microsoft SQL server, or the IBM FlashSystem Storage setup. It is assumed that the reader of the book has a basic understanding of system, Windows, and DB administration; storage administration; and has access to the required software and documentation that is used in this document.
650		0	\|a Enterprise resource planning
650		0	\|a Management information systems
650		0	\|a Electronic data processing
650		0	\|a Data mining
650		0	\|a Big data
650		4	\|a Progiciels de gestion intégrés
650		4	\|a Systèmes d'information de gestion
650		4	\|a Exploration de données (Informatique)
650		4	\|a Données volumineuses
650		4	\|a Big data
650		4	\|a Data mining
650		4	\|a Electronic data processing
650		4	\|a Enterprise resource planning
650		4	\|a Management information systems
700	1		\|a Shingornikar, Shashank \|e VerfasserIn \|4 aut
966	4	0	\|l DE-91 \|p ZDB-30-ORH \|q TUM_PDA_ORH \|u https://learning.oreilly.com/library/view/-/9780738460970/?ar \|m X:ORHE \|x Aggregator \|z lizenzpflichtig \|3 Volltext
912			\|a ZDB-30-ORH
912			\|a ZDB-30-ORH
951			\|a BO
912			\|a ZDB-30-ORH
049			\|a DE-91

Datensatz im Suchindex

DE-BY-TUM_katkey	ZDB-30-ORH-083658696
_version_	1821494816378191872
adam_text
any_adam_object
author	Kantak, Hemant Shingornikar, Shashank
author_facet	Kantak, Hemant Shingornikar, Shashank
author_role	aut aut
author_sort	Kantak, Hemant
author_variant	h k hk s s ss
building	Verbundindex
bvnumber	localTUM
collection	ZDB-30-ORH
ctrlnum	(DE-627-1)083658696 (DE-599)KEP083658696 (ORHE)9780738460970
dewey-full	658.4/038011
dewey-hundreds	600 - Technology (Applied sciences)
dewey-ones	658 - General management
dewey-raw	658.4/038011
dewey-search	658.4/038011
dewey-sort	3658.4 538011
dewey-tens	650 - Management and auxiliary services
discipline	Wirtschaftswissenschaften
edition	[First edition].
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>03994cam a22005292 4500</leader><controlfield tag="001">ZDB-30-ORH-083658696</controlfield><controlfield tag="003">DE-627-1</controlfield><controlfield tag="005">20240228121857.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">230111s2022 xx \|\|\|\|\|o 00\| \|\|eng c</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780738460970</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">978-0-7384-6097-0</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0738460974</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">0-7384-6097-4</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)083658696</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)KEP083658696</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ORHE)9780738460970</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)083658696</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">658.4/038011</subfield><subfield code="2">23/eng/20221220</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Kantak, Hemant</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager</subfield><subfield code="c">by Hemant Kantak, Shashank Shingornikar</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">[First edition].</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">[Poughkeepsie, New York]</subfield><subfield code="b">IBM Redbooks</subfield><subfield code="c">[2022]</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 Online-Ressource (42 Seiten)</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">The focus of this document is to highlight early threat detection by using Splunk Enterprise and proactively start a cyber resilience workflow in response to a cyberattack or malicious user action. The workflow uses IBM® Copy Services Manager (CSM) as orchestration software to invoke the IBM FlashSystem® storage Safeguarded Copy function, which creates an immutable copy of the data in an air-gapped form on the same IBM FlashSystem Storage for isolation and eventual quick recovery. This document explains the steps that are required to enable and forward IBM FlashSystem audit logs and set a Splunk forwarder configuration to forward local event logs to Splunk Enterprise. This document also describes how to create various alerts in Splunk Enterprise to determine a threat, and configure and invoke an appropriate response to the detected threat in Splunk Enterprise. This document explains the lab setup configuration steps that are involved in configuring various components like Splunk Enterprise, Splunk Enterprise config files for custom apps, IBM CSM, and IBM FlashSystem Storage. The last steps in the lab setup section demonstrate the automated Safeguarded Copy creation and validation steps. This document also describes brief steps for configuring various components and integrating them. This document demonstrates a use case for protecting a Microsoft SQL database (DB) volume that is created on IBM FlashSystem Storage. When a threat is detected on the Microsoft SQL DB volume, Safeguarded Copy starts on an IBM FlashSystem Storage volume. The Safeguarded Copy creates an immutable copy of the data, and the same data volume can be recovered or restored by using IBM CSM. This publication does not describe the installation procedures for Splunk Enterprise, Splunk Forwarder for IBM CSM, th Microsoft SQL server, or the IBM FlashSystem Storage setup. It is assumed that the reader of the book has a basic understanding of system, Windows, and DB administration; storage administration; and has access to the required software and documentation that is used in this document.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Enterprise resource planning</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Management information systems</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Electronic data processing</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Data mining</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Big data</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Progiciels de gestion intégrés</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Systèmes d'information de gestion</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Exploration de données (Informatique)</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Données volumineuses</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Big data</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Data mining</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Electronic data processing</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Enterprise resource planning</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Management information systems</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Shingornikar, Shashank</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-91</subfield><subfield code="p">ZDB-30-ORH</subfield><subfield code="q">TUM_PDA_ORH</subfield><subfield code="u">https://learning.oreilly.com/library/view/-/9780738460970/?ar</subfield><subfield code="m">X:ORHE</subfield><subfield code="x">Aggregator</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">BO</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91</subfield></datafield></record></collection>
id	ZDB-30-ORH-083658696
illustrated	Illustrated
indexdate	2025-01-17T11:20:23Z
institution	BVB
isbn	9780738460970 0738460974
language	English
open_access_boolean
owner	DE-91 DE-BY-TUM
owner_facet	DE-91 DE-BY-TUM
physical	1 Online-Ressource (42 Seiten) illustrations
psigel	ZDB-30-ORH TUM_PDA_ORH ZDB-30-ORH
publishDate	2022
publishDateSearch	2022
publishDateSort	2022
publisher	IBM Redbooks
record_format	marc
spelling	Kantak, Hemant VerfasserIn aut Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager by Hemant Kantak, Shashank Shingornikar [First edition]. [Poughkeepsie, New York] IBM Redbooks [2022] 1 Online-Ressource (42 Seiten) illustrations Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier The focus of this document is to highlight early threat detection by using Splunk Enterprise and proactively start a cyber resilience workflow in response to a cyberattack or malicious user action. The workflow uses IBM® Copy Services Manager (CSM) as orchestration software to invoke the IBM FlashSystem® storage Safeguarded Copy function, which creates an immutable copy of the data in an air-gapped form on the same IBM FlashSystem Storage for isolation and eventual quick recovery. This document explains the steps that are required to enable and forward IBM FlashSystem audit logs and set a Splunk forwarder configuration to forward local event logs to Splunk Enterprise. This document also describes how to create various alerts in Splunk Enterprise to determine a threat, and configure and invoke an appropriate response to the detected threat in Splunk Enterprise. This document explains the lab setup configuration steps that are involved in configuring various components like Splunk Enterprise, Splunk Enterprise config files for custom apps, IBM CSM, and IBM FlashSystem Storage. The last steps in the lab setup section demonstrate the automated Safeguarded Copy creation and validation steps. This document also describes brief steps for configuring various components and integrating them. This document demonstrates a use case for protecting a Microsoft SQL database (DB) volume that is created on IBM FlashSystem Storage. When a threat is detected on the Microsoft SQL DB volume, Safeguarded Copy starts on an IBM FlashSystem Storage volume. The Safeguarded Copy creates an immutable copy of the data, and the same data volume can be recovered or restored by using IBM CSM. This publication does not describe the installation procedures for Splunk Enterprise, Splunk Forwarder for IBM CSM, th Microsoft SQL server, or the IBM FlashSystem Storage setup. It is assumed that the reader of the book has a basic understanding of system, Windows, and DB administration; storage administration; and has access to the required software and documentation that is used in this document. Enterprise resource planning Management information systems Electronic data processing Data mining Big data Progiciels de gestion intégrés Systèmes d'information de gestion Exploration de données (Informatique) Données volumineuses Shingornikar, Shashank VerfasserIn aut
spellingShingle	Kantak, Hemant Shingornikar, Shashank Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager Enterprise resource planning Management information systems Electronic data processing Data mining Big data Progiciels de gestion intégrés Systèmes d'information de gestion Exploration de données (Informatique) Données volumineuses
title	Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager
title_auth	Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager
title_exact_search	Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager
title_full	Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager by Hemant Kantak, Shashank Shingornikar
title_fullStr	Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager by Hemant Kantak, Shashank Shingornikar
title_full_unstemmed	Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager by Hemant Kantak, Shashank Shingornikar
title_short	Cyber resiliency with Splunk Enterprise and IBM FlashSystem Storage Safeguarded Copy with IBM Copy Services Manager
title_sort	cyber resiliency with splunk enterprise and ibm flashsystem storage safeguarded copy with ibm copy services manager
topic	Enterprise resource planning Management information systems Electronic data processing Data mining Big data Progiciels de gestion intégrés Systèmes d'information de gestion Exploration de données (Informatique) Données volumineuses
topic_facet	Enterprise resource planning Management information systems Electronic data processing Data mining Big data Progiciels de gestion intégrés Systèmes d'information de gestion Exploration de données (Informatique) Données volumineuses
work_keys_str_mv	AT kantakhemant cyberresiliencywithsplunkenterpriseandibmflashsystemstoragesafeguardedcopywithibmcopyservicesmanager AT shingornikarshashank cyberresiliencywithsplunkenterpriseandibmflashsystemstoragesafeguardedcopywithibmcopyservicesmanager

Verfügbarkeit

‌

Online lesen