IBM Security QRadar SOAR


Remediate user incidents with the IBM Cloud Identity integration with Resilient

By STEPHANIE TORTO posted Wed May 20, 2020 09:26 AM


There is a new integration between IBM Security Resilient and IBM Cloud Identity, IBM’s cloud-based identity and access management solution that helps control user access to applications both on premises and in the cloud. As companies rapidly adopt cloud applications, a simple and secure way to manage user access – and removal – is critical. Doing so in the context of investigating and responding to a security incident makes it even more important.

The integration between IBM Cloud Identity and Resilient allows analysts investigating and responding to an incident to act on user status as part of Resilient workflows and add the results to the incident status. User status can be managed manually or automatically.

These new functions allow you to:

  • Customize playbooks to incorporate Cloud Identity workflows
  • Remediate user incidents via playbooks by managing users, groups, and entitlements
  • Disable user access, reset account access, and remove entitlements to applications as part of incident containment and remediation

You can download the integration from the App Exchange.


This integration includes 6 Cloud Identity functions, listed below:

  1. Add user entitlement
  2. Add user to group
  3. Remove user entitlement
  4. Remove user from group
  5. Reset user password
  6. Disable user

These functions can be executed, automatically or manually, as part of the workflow within a playbook.

Below are two examples of workflows – one for adding a user entitlement and another for resetting the password. As shown, the process is straightforward: the access token is received, and the user entitlement is added to the application.


A similar workflow is used for resetting a password.


To integrate IBM Cloud Identity functions with the Resilient platform, visit the IBM App Exchange to download the app. You can also view documentation, system requirements, and guides there. Please be sure to visit the IBM Security Resilient Community Forums if you have any feedback.