IBM Security QRadar SOAR

IBM SOAR Forcepoint integration

By Alaa Elhao posted Mon November 29, 2021 05:50 AM


This guide shows a quick and simple way to integrate your IBM SOAR with Forcepoint SMC in order to manipulate firewall IP List objects via REST APIs. The use case chosen for this integration blocks IP artifacts on Forcepoint NGFW. This use case can be modified easily to run automatically or update a different object on your Forcepoint SMC.

The workflow configured consists of four functions:

  • Authentication/Login API call to SMC
  • Fetch IP list from SMC
  • Updating IP list with IP address artifact value
  • Commit changes to the firewall engine to apply new configuration

That's it! You can now block an IP-based artifact from SOAR with a single click.
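
The four functions above, sketched as an added example (not code from the original guide, IBM or Forcepoint): the `smc` client object and its method names are hypothetical stand-ins for the REST calls, and the protected ranges and list name are constructed. It adds a guardrail to the update step: invalid or protected addresses are rejected, and the update and commit are skipped when the list already covers the artifact.

```python
import ipaddress

# Assumed site-specific ranges that must never be blocked (constructed values).
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]

def plan_update(current_entries, artifact_value, protected=PROTECTED):
    """Step 3 guardrail: return (new_entries, changed) or raise ValueError."""
    ip = ipaddress.ip_address(artifact_value.strip())  # ValueError if not an IP
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
        raise ValueError(f"refusing to block special address {ip}")
    for net in protected:
        if ip.version == net.version and ip in net:
            raise ValueError(f"{ip} is inside protected range {net}")
    for entry in current_entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            continue  # entry in a form this sketch does not parse; keep it
        if ip.version == net.version and ip in net:
            return list(current_entries), False  # already covered, no change
    return list(current_entries) + [str(ip)], True

def block_artifact(smc, list_name, artifact_value):
    """Run the four workflow functions in order against a client object."""
    smc.login()                                     # 1. authenticate
    current = smc.fetch_ip_list(list_name)          # 2. fetch IP list
    new_entries, changed = plan_update(current, artifact_value)
    if changed:
        smc.update_ip_list(list_name, new_entries)  # 3. update IP list
        smc.commit()                                # 4. push to the engine
    return changed

class FakeSMC:
    """In-memory stand-in for the SMC REST calls (hypothetical interface)."""
    def __init__(self, lists):
        self.lists, self.calls = lists, []
    def login(self):
        self.calls.append("login")
    def fetch_ip_list(self, name):
        self.calls.append("fetch")
        return list(self.lists[name])
    def update_ip_list(self, name, entries):
        self.calls.append("update")
        self.lists[name] = entries
    def commit(self):
        self.calls.append("commit")
```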

You can also use this guide as a framework for possibly any API-capable product once you understand the flow of creating an API-based workflow with the SOAR utility function.

Video tutorial and PDF guide:

Have fun with your automation!
Alaa Elhao