IBM Security QRadar SOAR


Email connection for Resilient in the cloud

  • 1.  Email connection for Resilient in the cloud

    Posted Wed February 17, 2021 02:18 PM
    Hi everyone,
    We use Resilient in the cloud (SaaS platform) V39.
    When you configure an email connection for a Resilient in the cloud platform, is the mail server accessed from the platform in the cloud or is it accessed through the integration server that is on-premise?
    In the first case, this would mean the mail server needs to be available from the Internet, right?

    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: Email connection for Resilient in the cloud

    IBM Champion
    Posted Wed February 17, 2021 06:32 PM
    If you plan to use an email box with Resilient, and not just the API, then you'll need an internet-facing mailbox for the cloud to ingest emails from, yes. At one time, Resilient allowed hosting inboxes for customers, so you could have an internal mailbox that just acted as a forwarder to a Resilient-hosted mailbox. I'm unsure if they still offer this or not. If not, then you'd need to have an on-prem mailbox accessible to the internet.

    Again, the above is assuming you aren't relying on the API for incident creation. If you use the API solely, then you wouldn't need an email box. For example, you could develop a standalone script and have it run on your integration server (not supported by Resilient) that reads internal emails from one or more mailboxes and converts them to incidents via the API. If you wanted to go that direction, you could probably pull chunks from the Exchange integration and Resilient Utilities. This would take more time for development and require some Python skill, but could solve the challenge of wanting the cloud UI with an on-prem airgapped mailbox.

    ------------------------------
    Jared Fagel
    Cyber Security Analyst I
    Public Utility
    ------------------------------
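
A sketch of the standalone-script approach described in the reply above, added here as an example and not taken from the thread, the Exchange integration or Resilient Utilities. It assumes the incident fields `name`, `description` and `discovered_date`, the `/incidents` path, and a hypothetical `post` callable standing in for an authenticated API client; the sample message is constructed.

```python
# Added example: turn an internally fetched email into an incident payload on
# the integration server, so only outbound API calls leave the network.
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime
import time

MAX_BODY = 4000  # cap on untrusted body text copied into the incident

# Constructed sample message (not real mail).
SAMPLE = b"""From: Alice <alice@example.test>
Subject: =?utf-8?q?Phishing_report?=
Date: Wed, 17 Feb 2021 14:18:00 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Suspicious link received.
--b1
Content-Type: text/html; charset="utf-8"

<p>Suspicious link received.</p>
--b1--
"""


def email_to_incident(raw: bytes) -> dict:
    """Parse one raw RFC 5322 message into an incident dict (assumed fields)."""
    msg = message_from_bytes(raw, policy=policy.default)  # decodes RFC 2047
    # Collapse whitespace so folded or multi-line subjects become one line.
    subject = " ".join(str(msg.get("Subject", "(no subject)")).split())
    sender = str(msg.get("From", "unknown"))
    part = msg.get_body(preferencelist=("plain",))  # ignore HTML alternatives
    body = part.get_content() if part else "(no text/plain body)"
    try:
        discovered = int(parsedate_to_datetime(msg["Date"]).timestamp() * 1000)
    except (TypeError, ValueError):  # missing or malformed Date header
        discovered = int(time.time() * 1000)
    return {
        "name": subject[:200],
        "description": f"From: {sender}\n\n{body[:MAX_BODY]}",
        "discovered_date": discovered,  # milliseconds since the epoch
    }


def forward(raw_messages, post):
    """Send each message through `post` (hypothetical authenticated client)."""
    return [post("/incidents", email_to_incident(raw)) for raw in raw_messages]
```

The mailbox fetch (IMAP, EWS or similar) is left out on purpose; whatever retrieves the raw bytes internally can feed them to `forward`.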