Work Progress Report pcsmcp up lindia.docx
Work Progress Report
Work in Past 30 Days
Installed the Nessus tool
VAPT (Vulnerability Assessment and Penetration Testing) done
Mitigation of vulnerabilities
Started installing multiple tools for monitoring
Configured SIEM tool
Nessus
Nessus, developed by Tenable, is a powerful vulnerability assessment tool widely used in cybersecurity.
Employing a plug-in-based architecture, it scans and identifies vulnerabilities in systems, networks, and
applications, providing detailed reports and supporting continuous monitoring. Users must adhere to
ethical and legal considerations, obtaining proper authorization before scanning systems.
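Example: turning a Nessus export into a remediation list. The Python script below is an added illustration for this report, not Tenable's code. It assumes the .nessus v2 export layout (NessusClientData_v2 > Report > ReportHost > ReportItem, with the severity attribute 0=Info to 4=Critical and cvss_base_score/solution child elements). The embedded scan data is constructed for illustration; the plugin IDs and names are placeholders, not real Nessus plugins.

```python
"""Rank Nessus findings for remediation (added example, not Nessus code).

Assumes the .nessus v2 layout: NessusClientData_v2 > Report > ReportHost >
ReportItem, severity attribute 0=Info .. 4=Critical, children cvss_base_score
and solution. Scan data below is constructed; plugin IDs/names are placeholders.
"""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

SEVERITY_LABEL = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export (two hosts, five findings); not a real scan.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="internal-vapt-sample">
  <ReportHost name="10.10.1.5">
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="100001" pluginName="SSH weak key exchange algorithms (placeholder)" pluginFamily="Misc.">
    <cvss_base_score>4.3</cvss_base_score>
    <solution>Restrict KexAlgorithms in sshd_config to current algorithms.</solution>
   </ReportItem>
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="4" pluginID="100002" pluginName="Web framework end-of-life (placeholder)" pluginFamily="Web Servers">
    <cvss_base_score>9.8</cvss_base_score>
    <solution>Upgrade to a supported framework release.</solution>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.10.1.8">
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="4" pluginID="100002" pluginName="Web framework end-of-life (placeholder)" pluginFamily="Web Servers">
    <cvss_base_score>9.8</cvss_base_score>
    <solution>Upgrade to a supported framework release.</solution>
   </ReportItem>
   <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="3" pluginID="100003" pluginName="Database reachable without TLS (placeholder)" pluginFamily="Databases">
    <cvss_base_score>7.5</cvss_base_score>
    <solution>Require TLS and restrict the listener to trusted networks.</solution>
   </ReportItem>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="0" pluginID="100004" pluginName="HTTP server banner (placeholder)" pluginFamily="Web Servers">
    <solution>n/a</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Flatten every ReportItem into a dict: one entry per (host, port, plugin)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            cvss = item.findtext("cvss_base_score")  # Info findings carry no score
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "severity": int(item.get("severity")),
                "cvss": float(cvss) if cvss else 0.0,
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def severity_summary(findings):
    """Counts per severity label, e.g. {'Critical': 2, 'High': 1, ...}."""
    return Counter(SEVERITY_LABEL[f["severity"]] for f in findings)


def remediation_plan(findings, min_severity=3):
    """Group findings at or above min_severity by plugin, so one fix is tracked
    once with every affected host:port listed; highest severity and CVSS first."""
    groups = defaultdict(list)
    for f in findings:
        if f["severity"] >= min_severity:
            key = (f["plugin_id"], f["plugin_name"], f["severity"], f["cvss"], f["solution"])
            groups[key].append(f"{f['host']}:{f['port']}/{f['protocol']}")
    plan = [{"plugin_id": k[0], "plugin_name": k[1], "severity_level": k[2],
             "severity": SEVERITY_LABEL[k[2]], "cvss": k[3], "solution": k[4],
             "affected": sorted(hosts)} for k, hosts in groups.items()]
    plan.sort(key=lambda p: (-p["severity_level"], -p["cvss"]))
    return plan


if __name__ == "__main__":
    found = parse_nessus(SAMPLE_NESSUS)
    print(dict(severity_summary(found)))
    for entry in remediation_plan(found):
        print(f"[{entry['severity']} {entry['cvss']}] {entry['plugin_name']} -> {', '.join(entry['affected'])}")
        print(f"    fix: {entry['solution']}")
```

Grouping by plugin rather than by host is deliberate: the fix for an end-of-life framework is the same on every host, so the mitigation tracker should carry one item with all affected hosts attached, while Info-level findings are kept in the summary but left out of the plan.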
SIEM Tool
SIEM (Security Information and Event Management) tools provide comprehensive security monitoring
and response capabilities by collecting and analyzing data from various sources. They offer log
management, real-time event correlation, alerting, and incident response features, helping
organizations detect and respond to security threats in their IT infrastructure.
Splunk
AlienVault
SolarWinds
IBM QRadar
IBM QRadar
IBM QRadar is a Security Information and Event Management (SIEM) solution developed by IBM.
It is designed to provide organizations with a comprehensive platform for collecting, analyzing, and
managing security data to detect and respond to cybersecurity threats. QRadar integrates various
security information and event sources, offering features such as log management, real-time event
correlation, threat intelligence integration, incident response, and customizable dashboards. It helps
security teams identify and prioritize security incidents, improving overall threat detection and response
capabilities. IBM QRadar is widely used by enterprises and organizations as part of their cybersecurity
strategy to enhance visibility and control over their IT environments.
Configuration of IBM QRadar
System Requirements:
Ensure that your hardware and software meet the minimum system requirements for QRadar.
Verify that the network infrastructure supports the deployment.
Installation:
Install the QRadar software on the designated server(s).
Follow the installation wizard and provide the necessary information.
Configure the network settings during the installation process.
Initial Setup:
Access the QRadar console and complete the initial setup.
Set the admin password and configure basic network settings.
License and Registration:
Apply the license key to activate the software.
Register your QRadar instance with IBM to receive updates and support.
System Configuration:
Configure time settings, including NTP (Network Time Protocol) synchronization, so that events from every log source share one accurate timeline for correlation.
Set up DNS (Domain Name System) if needed.
Configure system and logging parameters based on your organization's requirements.
To Be Implemented
Data Source Integration:
Integrate various data sources such as firewalls, IDS/IPS, antivirus solutions, and other security devices.
Configure log sources to collect and parse data from different devices.
Use DSMs (Device Support Modules) to normalize data from different sources into a common event schema.
Custom Rules and Offenses:
Create custom rules to detect specific security events relevant to your organization.
Configure offenses to trigger based on rule matches.
User Access Control:
Set up user accounts and assign appropriate roles and permissions.
Implement LDAP or Active Directory integration for centralized user management.
Reference Sets and Building Blocks:
Configure reference sets to define lists of items like IP addresses, usernames, or URLs for use in rules
and reports.
Use building blocks to create custom components for rule creation.
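Example: how log sources, DSM normalization, building blocks, reference sets, rules and offenses fit together. The Python script below is an added miniature written for this report, not IBM QRadar code: one parser per device type plays the role of a DSM, a reference set of blocked addresses feeds a rule, two small building-block tests are reused by the rules, and each rule match is chained into an offense keyed by rule and source address. The device names, log formats, threshold and window are assumptions, and the log lines are constructed, not captured from real systems.

```python
"""Miniature SIEM pipeline (added example, not IBM QRadar code).

Roles mimicked: per-device parser (DSM), reference set, building blocks,
custom rules, offenses. Log formats, device names, thresholds and the
reference-set contents are assumptions; the log lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed input: a firewall and an SSH server forwarding syslog (UTC timestamps).
RAW_LOGS = [
    "2024-03-01T10:00:01Z fw01 FW: action=deny src=198.51.100.9 dst=10.0.0.5 dport=445 proto=tcp",
    "2024-03-01T10:00:03Z ssh01 sshd[2101]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "2024-03-01T10:00:08Z ssh01 sshd[2102]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "2024-03-01T10:00:12Z ssh01 sshd[2103]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
    "2024-03-01T10:00:15Z ssh01 sshd[2104]: Failed password for invalid user oracle from 203.0.113.7 port 51003 ssh2",
    "2024-03-01T10:00:20Z ssh01 sshd[2105]: Failed password for admin from 203.0.113.7 port 51004 ssh2",
    "2024-03-01T10:01:00Z ssh01 sshd[2110]: Failed password for alice from 192.0.2.10 port 40000 ssh2",
    "2024-03-01T10:01:04Z ssh01 sshd[2111]: Accepted password for alice from 192.0.2.10 port 40000 ssh2",
    "2024-03-01T10:01:30Z fw01 FW: action=allow src=10.0.0.8 dst=10.0.0.5 dport=443 proto=tcp",
    "2024-03-01T10:02:00Z ssh01 sshd[2120]: Received disconnect from 10.0.0.8 port 40050",
]

# Reference set (assumed contents): addresses the firewall team has blocked.
BLOCKED_IPS = {"198.51.100.9"}

FW_RE = re.compile(r"^(\S+) (\S+) FW: action=(\w+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)$")
SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalise(raw_lines):
    """DSM role: map each raw line onto a common schema; return (events, unparsed_count)."""
    events, unparsed = [], 0
    for line in raw_lines:
        m = FW_RE.match(line)
        if m:
            ts, dev, action, src, dst, dport, _proto = m.groups()
            events.append({"time": _ts(ts), "device": dev, "src_ip": src, "dst_ip": dst,
                           "dst_port": int(dport), "user": None,
                           "category": "Firewall Deny" if action == "deny" else "Firewall Permit"})
            continue
        m = SSHD_RE.match(line)
        if m:
            ts, dev, result, user, src = m.groups()
            events.append({"time": _ts(ts), "device": dev, "src_ip": src, "dst_ip": None,
                           "dst_port": 22, "user": user,
                           "category": "Auth Failure" if result == "Failed" else "Auth Success"})
            continue
        unparsed += 1  # no parser for this format: kept raw, not searchable by field
    return events, unparsed


# Building blocks: small reusable tests that rules combine.
def bb_auth_failure(ev):
    return ev["category"] == "Auth Failure"


def bb_src_in_blocked_set(ev):
    return ev["src_ip"] in BLOCKED_IPS


def rule_blocked_source(events):
    """Any event from an address in the reference set is reportable on its own."""
    return [("Source IP in BlockedIPs reference set", ev["src_ip"], [ev])
            for ev in events if bb_src_in_blocked_set(ev)]


def rule_auth_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """threshold or more auth failures from one source inside a sliding window."""
    by_src = defaultdict(list)
    for ev in events:
        if bb_auth_failure(ev):
            by_src[ev["src_ip"]].append(ev)
    hits = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            if end - start + 1 >= threshold:
                name = f"Auth brute force: {threshold}+ failures in {int(window.total_seconds())}s"
                hits.append((name, src, evs[start:end + 1]))
                break
    return hits


RULES = (rule_blocked_source, rule_auth_brute_force)


def correlate(events):
    """One offense per (rule, source); further matches chain onto the same offense."""
    offenses = {}
    for rule in RULES:
        for name, src, matched in rule(events):
            off = offenses.setdefault((name, src), {"rule": name, "source_ip": src, "events": []})
            off["events"].extend(matched)
    for off in offenses.values():
        times = [e["time"] for e in off["events"]]
        off["first_seen"], off["last_seen"], off["event_count"] = min(times), max(times), len(times)
    return list(offenses.values())


def run_pipeline(raw_lines):
    events, unparsed = normalise(raw_lines)
    return {"event_count": len(events), "unparsed": unparsed, "offenses": correlate(events)}


if __name__ == "__main__":
    result = run_pipeline(RAW_LOGS)
    print(f"{result['event_count']} events normalised, {result['unparsed']} unparsed")
    for off in result["offenses"]:
        print(f"OFFENSE [{off['rule']}] source={off['source_ip']} events={off['event_count']} "
              f"{off['first_seen']:%H:%M:%S}-{off['last_seen']:%H:%M:%S}")
```

Two points from the run matter for tuning later: the address with two failures followed by a success stays below the threshold and raises nothing, which is the false-positive control a threshold gives, and the disconnect line has no parser and is counted as unparsed, which is the situation that calls for a new or extended DSM rather than a new rule.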
Reports and Dashboards:
Customize and create reports and dashboards based on the security information relevant to your
organization.
Schedule and export reports as needed.
Incident Response:
Set up workflows for incident response.
Integrate QRadar with other security tools and systems for a comprehensive response.
Tuning and Optimization:
Regularly review and tune rules and offenses to reduce false positives.
Optimize performance by adjusting retention policies and storage configurations.
Backup and Disaster Recovery:
Implement a regular backup strategy for QRadar data.
Develop a disaster recovery plan in case of system failures.
Training and Documentation:
Train the staff responsible for managing and monitoring QRadar.
Document configurations and procedures for reference and troubleshooting.
Worked with the VAPT team.
Remediation and mitigation of vulnerabilities.
Coordinated with other teams for a smooth VAPT.
Engaged with paperwork.
Worked on ISO policies with Rahul.
Plan for Next 15 Days
My main task as a cybersecurity analyst is monitoring.
Try to implement IBM QRadar fully.
Work with the VAPT team.
Work with Rahul on ISO policies.