IBM Security SOAR



Welcome to the IBM Security SOAR User Community
Join us to learn more from a community of collaborative experts, who will help you take full advantage of the most advanced, battle-tested SOAR technology. IBM Security SOAR is the leading technology for orchestrating and automating incident response processes. Collaborate, communicate, and contribute solutions with like-minded Resilient users right here.

As a member of this online user community, you gain:

  • Direct engagement with IBM subject matter experts
  • Tips and tricks from your industry peers
  • News, announcements, and enhancement details

You’ll also get information regarding our regional and virtual user group meetings, upcoming webinars, how-to blogs, and training. We invite you to participate and ask that you contact support@communitysite.ibm.com with any questions.




IBM Security SOAR Resources

Search Group

Latest Blogs

  • This guide shows a quick and simple way to integrate your IBM SOAR with Forcepoint SMC in order to manipulate firewall IP List objects via REST APIs. The use case chosen for this integration blocks IP artifacts on Forcepoint NGFW. This use case can be ...

    1 person recommends this.
  • Earlier this year, VirusTotal changed their license terms (https://developers.virustotal.com/reference/public-vs-premium-api). A consequence of which, is that Public API keys are now limited to 500 queries per day. As our service deals with this you ...

    3 people recommend this.
  • When developing new Playbooks you may wish to re-user the timer feature that was existing on the Workflow: This feature does not exist (yet ?) on the New Playbook design, but can be easily simulated, with a more precise timing! You need: - The Utility ...

  • Our following Python Libraries have been updated: https://pypi.org/project/resilient/43.0.2419/ https://pypi.org/project/resilient-lib/43.0.2419/ https://pypi.org/project/resilient-circuits/43.0.2419/ https://pypi.org/project/resilient-sdk/43.0.2419/ ...

    1 person recommends this.
  • We have released v42.2.2190 of our Python Libraries for IBM Security SOAR: https://pypi.org/project/resilient/42.2.2190/ https://pypi.org/project/resilient-sdk/42.2.2190/ resilient Addressed a bug fix where it was necessary to depend ...

    1 person recommends this.

Join the Discussion

  • Posted in: IBM Security SOAR

    Hi Pierre, I would recommend using the time tracking feature, there is information on how to enable it here: https://www.ibm.com/docs/en/rsoa-and-rp/42?topic=layouts-displaying-time-tracking-information-in-tab#reference_wtl_c5d_mjb Then you can create ...

  • Posted in: IBM Security SOAR

    I'm not sure there's an 'official' way to do this, but I have similar use cases, and have two different 'solutions': - Turn on time tracking for the field, which allows you to track the total time a field was in a given state. It's not a timeline (i.e., ...

  • Posted in: IBM Security SOAR

    How to integrate Resilient to Group IB Threat intel like Virus Total or Xforce etc. Please refer below links which shows for MISP & Qradar, Could you please share the method we need to follow https://github.com/Group-IB/TI_MISP_APIv1 https://github.com/Group-IB/TI_QRadar_APIv1 ...

  • Posted in: IBM Security SOAR

    Is there a specific question you have regarding the Dockerfile configuration? In general, it isn't necessary to change it. If your app needs python libraries that aren't included by default, you'll need to customize the Dockerfile to include them: # ...

  • Posted in: IBM Security SOAR

    Dears, Appreciated anyone's support if he can help me regarding custom APP host creation. As what I found regarding the steps is as follows: 1) create needed message destination, function , workflow, and rule. 2)From vm machine away off the app host ...