IBM Security Advisor

Integrating with IBM Security Advisor

SUSE® Security Integrates with IBM Security Advisor on IBM Cloud.

To generate the registration URL required, please log into the SUSE® Security console as an administrator and go to Settings → Configuration.

  1. Enable "Integrate with IBM Security Advisor" → Submit

  2. Click "Get URL" → Copy to clipboard

ibmconfigure

Then return to the IBM Security Advisor console, and under "Enter the SUSE® Security setup URL", type in "https://{SUSE® Security controller hostname/ip}:{port}" and paste what is copied in from the steps above. For the port, use the exposed SUSE® Security REST API port (default is 10443). For multi-cluster environments this is also the 'fed-worker' service which exposes this port.

IBM Security Advisor will communicate with your SUSE® Security cluster controller thru the provided hostname or IP. Note: This may need to be exposed as a service for access from outside the Kubernetes cluster, similar to how the REST API is exposed as a service.

Verifying the Connection

When the connection is successfully created between IBM Security Advisor & SUSE® Security, you will see the green "Connected at {date, time}" icon next to "Integrate with IBM Security Advisor" in the SUSE® Security Console.

connected

Reviewing Security Events in IBM Security Advisor

A summary card with security event information is displayed.

threats

Each security event can be investigated in more detail, as shown below:

findings

Removing the Integration

If you delete a SUSE® Security integration connection in your IBM Cloud account, remember to also disable the "IBM SA integration" for that SUSE® Security cluster in Settings → Configuration.