IBM Security QRadar SOAR


Now Available: Randori + QRadar SOAR Integration

By Nick Barrett posted Wed December 21, 2022 03:07 PM

  

Randori + QRadar SOAR

Randori was acquired by IBM in June 2022 to further enhance our threat detection and response portfolio. We're happy to announce that a Randori Recon integration for QRadar SOAR is now available on the IBM App Exchange.

Randori is a leading attack surface management (ASM) solution that helps clients continuously identify external-facing assets, whether on-premises or in the cloud, that are visible to attackers. The real value of Randori is how it positions vulnerability management from the perspective of an attacker and assigns a temptation score to each target. Through continuous asset discovery and issue prioritization, Randori can uncover blind spots, misconfigurations, and process failures that would otherwise be missed.

Integrating Randori Recon with QRadar SOAR gives analysts bi-directional synchronization between the two solutions, enabling queries of Randori Targets and the ability to create and update corresponding cases in QRadar SOAR. Analysts can enrich Randori Target artifacts, act on Shadow IT, and remediate misconfigured assets.

Available functions and playbooks

With this new integration, we support the following Functions within QRadar SOAR:

  • Query Randori for new Targets in real-time and create a corresponding case in QRadar SOAR for each Target

  • Update an existing Randori case in QRadar SOAR when the Target Temptation Score is updated in Randori

  • Populate Randori SOAR cases with Target details that require further investigation including Service information, location, Discovery Path, and artifacts

  • Include Randori Priority and Temptation scoring with a link back to categorical Guidance to help with remediation and mitigation activities

  • Sync Randori Targets to QRadar SOAR cases via user-defined filter criteria

  • Sync Randori Target comments to Notes in QRadar SOAR

  • Set the Target Impact Score + Target Status in Randori from QRadar SOAR

  • List the Discovery Path of a Target with links back to Randori

  • List the Detections of a Target in QRadar SOAR

  • Add Detection data as artifacts in QRadar SOAR for the following types:

    • DNS Name

    • File Path

    • IP Address

    • Port

    • Service

In addition, a wide array of Playbooks is available within the Randori integration for use with our Playbook Designer to accelerate automations created with Randori (automatic and/or manual):

  • Update the Randori Target data as custom fields in a SOAR case

  • Update Target comments in a SOAR case

  • Update the Detections data table in a SOAR case

  • Add Artifacts to the SOAR case from Target detections data

  • Update the Discovery Path data table in a SOAR case

  • Update the Target Status in Randori Target from a SOAR case (manual only)

  • Update the Target Impact Score in Randori from a SOAR case (manual only)

  • Send a SOAR note to Randori as a Target comment (manual only)

  • When a Randori case is closed in QRadar SOAR, set status and post comment(s) to Randori Target (automatic only)

We look forward to continued investments in QRadar SOAR integrations as we move into 2023, and would appreciate any feedback on either the Randori integration or any of the other SOAR apps available on our IBM App Exchange.

 

