IBM QRadar SOAR

Breach Module Customization and Report

    Posted Mon March 31, 2025 06:10 PM

    Can I do either of the following with our Breach module:

    1. If I provide geographies and regulators (essentially my regulatory scope), can I obtain (in any manner) how SOAR will respond for all types of data, all ranges of records? Right now, to see the resulting tasks, I can only play the scenario game and see what is generated through test incidents. Legal wants to see all the possible tasks so they can review and customize the task description.
    2. Can I create my own tasks (provided by Legal or our internal policy, etc.) and have those custom tasks added to the playbook based on how the incident handler describes the data exposure through the breach tab?

    Also, if I augment a regulatory task with my company's specific information, is there a possibility that the overridden task will be replaced during a SOAR content update?

    I see Regulatory Tasks cannot be manually added to an Active Incident even with the new release (51.0.5.0). Is this ever going to be possible?



    ------------------------------
    ken ching
    ------------------------------