IBM Security SOAR

Manage threats proactively with the Artifacts Management View, IBM Security SOAR’s new aggregated view of artifacts across your organization

By Elisa Miranda Gonzalez posted Mon November 23, 2020 12:17 PM


We are pleased to announce the general availability of the Artifacts Management View, IBM Security SOAR’s new artifact-centric view that allows your security team to triage, investigate, and remediate incidents faster. This new aggregated view provides your team with an efficient way to track artifacts across your organization, share historical knowledge, and maximize your existing integrations with threat intelligence feeds.

Artifacts, or indicators of compromise (IoCs), can offer valuable insights into how attackers operate, enabling your team not only to respond to a threat quickly and effectively, but also to take a proactive approach to artifacts management to protect your organization. The new artifacts enhancements and the Artifacts Management View in Resilient can help your team manage threats efficiently and proactively through:

  • Access to detailed artifacts information in an intuitive format for faster decision making

New enhancements to the Artifacts tab provide security analysts with information at a glance so they can make decisions fast. Analysts can see whether there are hits against threat intelligence sources associated with an artifact, the type of threat source, and the number of cases related to the artifact under investigation. This information can quickly help them determine the scale and potential severity of the attack. Additionally, SOAR now deduplicates artifacts and relates artifacts of different types based on their value.

Caption: Enhancements such as number of hits, related incidents, and threat source provide analysts with a comprehensive view to investigate further.


  • Understand incident relationships and access historical information for better triaging

Security analysts can now triage and remediate cases faster by referring to the notes of analysts that encountered or took action on the particular artifact under investigation. It could be that an artifact is associated with other cases in the organization, so Resilient compiles all the historical information in one place to give the analyst a starting point to inspect associated cases if necessary, assuming they have the right permissions to view those cases.

Caption: See all the historical information of the artifact from the first to last time the artifact was seen, across one or multiple incidents.


  • Mitigate risk by proactively managing artifacts and taking preventive actions from the UI

A centralized view of artifacts across your organization allows your analysts to carefully analyze artifacts and relevant contextual information, determine the risk that they pose to your organization, and take action, such as blocking a known malicious IP address associated with known cyberattacks in your industry.

Caption: New Artifacts Management View, a centralized view of the artifacts, or IoCs, across your organization.


In addition, as part of the v39 release, Resilient also upgraded and expanded the in-product scripting engine to support a wider variety of use cases, from complex scripted automations to data transformations, to keep your security analysts focused on the most important tasks.

The expanded capabilities include:

  • Native support for Python 3 to enable modern scripting practices and to support more data types natively for quick and easy script writing.
  • Over a dozen out-of-the-box scripting libraries to boost your playbooks by transforming, manipulating, and displaying information to accelerate analyst decision making.
  • Time efficiencies to help security engineers focus on higher-value work by writing scripts faster, in a fourth of the time, and testing and debugging load in half the time.

This functionality is now available through Resilient SaaS, on-premises deployment (VM), and IBM SOAR for Cloud Pak for Security.

To learn more about v39:

  • Read documentation: v39 release
  • Register for the v39 release webinar on December 2nd at 11am, in which the Resilient Offering Team will take a deeper dive into the newest features and capabilities, including a demo of the Artifacts Management View.