Introduction

IBM Cloud Pak® for Security can connect disparate data sources—to uncover hidden threats and make better risk-based decisions — while leaving the data where it resides. By using open standards and IBM innovations, IBM Cloud Pak® for Security can securely access IBM and third-party tools to search for threat indicators across any cloud or on-premises location. Connect your workflows with a unified interface so you can respond faster to security incidents. Use IBM Cloud Pak® for Security to orchestrate and automate your security response so that you can better prioritize your team's time.

What's inside this Cloud Pak

Cloud Pak® for Security includes the following applications.

• IBM® Threat Intelligence Insights is an application that delivers unique, actionable, and timely threat intelligence. The application provides most of the functions of IBM® X-Force® Exchange.
• IBM® Security Data Explorer is a platform application that enables customers to do federated search and investigation across their hybrid, multi-cloud environment in a single interface and workflow.
• IBM® Case Management for IBM Cloud Pak for Security provides organizations with the ability to track, manage, and resolve cybersecurity incidents.
• IBM® Orchestration & Automation application is integrated on Cloud Pak for Security to provide most of the IBM Resilient Security Orchestration, Automation, and Response Platform feature set.
• IBM® QRadar® Security Intelligence Platform is offered as an on-premises solution and delivers intelligent security analytics, enabling visibility, detection, and investigation for a wide range of known and unknown threats.
• IBM® QRadar® Proxy 1.0 provides communication between IBM Cloud Pak for Security and IBM QRadar or QRadar on Cloud. This communication uses APIs to pull powerful QRadar data into the QRadar SIEM dashboards.
• IBM® QRadar® User Behavior Analytics (UBA) is a tool for detecting insider threats in your organization. UBA, used in conjunction with the existing data in your QRadar system, can help you generate new insights around users and user risk.
• IBM® Security Risk Manager provides early visibility into potential security risks by correlating insights from multiple vectors so that you can prioritize risks to take appropriate remedial actions.
• IBM® Threat Investigator is an application that automatically analyzes and investigates cases to help determine the criticality of exposure, how many systems are at risk, and the level of remediation effort that is required.
• IBM® Detection and Response Center (Beta) provides an overview of your organization’s security posture through the security use cases available from IBM QRadar and the Sigma community tools. IBM® Threat Investigator uses these security use cases in its investigations.

For more information, see IBM Documentation.

Prerequisites

Red Hat OpenShift Container Platform

Please refer to the Planning section in the IBM Documentation.

Resource capacity requirements

Note: The system disk requirements do not include the persistent storage requirements. The persistent storage requirement for IBM Cloud Pak® for Security is 3.5 TB. For more information, see Persistent storage.

Purchasing a license

Before you can install the Cloud Pak, you must purchase a license. Purchase a license, also known as an entitlement, through IBM Passport Advantage.

Installing

For installation instructions, see . The installation takes approximately 1.5 hours to complete.

Configuration

The following table lists the configurable parameters for Cloud Pak® for Security and their default values.

Documentation

Documentation for IBM Cloud Pak® for Security can be found at .