IBM QRadar SOAR

 View Only

IBM SOAR Forcepoint integration

By Alaa Elhao posted Mon November 29, 2021 05:50 AM

  

This guide shows a quick and simple way to integrate your IBM SOAR with Forcepoint SMC in order to manipulate firewall IP List objects via REST APIs. The use case chosen for this integration blocks IP artifacts on Forcepoint NGFW. This use case can be modified easily to run automatically or update a different object on your Forcepoint SMC.

The workflow configured consists of four functions:

  • Authentication/Login API call to SMC
  • Fetch IP list from SMC
  • Updating IP list with IP address artifact value
  • Commit changes to the firewall engine to apply new configuration

That's it! You can now block an IP based artifact from SOAR via a single click.

You can also use this guide as a framework for possibly any API capable product once you understand the flow creating an API based workflow based on the SOAR utility function.

Video tutorial and PDF guide: https://ibm.box.com/s/lmpz5ero0uz40cxzeixnsuhpjp6h13w8

Have fun with your automation!
Alaa Elhao

      3 comments
      57 views

      Permalink

      Comments

      Ahmed Shalaby
      Thu February 23, 2023 06:39 AM

      Thanks @Alaa Elhao for fast response 

      Alaa Elhao
      Wed February 22, 2023 09:12 AM

      @Ahmed Shalaby  link has been updated. Feel free to comment or send me a message, if you have questions.

      Ahmed Shalaby
      Wed February 22, 2023 08:48 AM

      Thank you for the post, can you please share the PDF or tutorial again, the link did not work