IBM Security SOAR

 View Only



Welcome to the IBM Security SOAR User Community
Join us to learn more from a community of collaborative experts, who will help you take full advantage of the most advanced, battle-tested SOAR technology. IBM Security SOAR is the leading technology for orchestrating and automating incident response processes. Collaborate, communicate, and contribute solutions with like-minded Resilient users right here.

As a member of this online user community, you gain:

  • Direct engagement with IBM subject matter experts
  • Tips and tricks from your industry peers
  • News, announcements, and enhancement details

You’ll also get information regarding our regional and virtual user group meetings, upcoming webinars, how-to blogs, and training. We invite you to participate and ask that you contact support@communitysite.ibm.com with any questions.




IBM Security SOAR Resources

Latest Discussions

  • HI All, I reverted my Master and DR snapshot and saw this message when doing "sudo resDrStatus" Postgresql Replication Status: Not running, Retained transactions=33495984 bytes File Replication Status: Running (Synced) Both postgresql-9.6 and resilient-filesync ...

  • Hi. I have a doubt about the sizing of SOAR (CPU/Mem/etc) and its performance. I was running some very basic tests here, using jmeter, to create incidents via REST and processing a simple python script for each one. My feeling is that increasing ...

  • The data context of an Email parsing script does not have a top-level object called 'incident'. This code finds the incidents you are interested in: incidents = helper.findIncidents(query) if len(incidents) == 0: log.info(u"Incident Not Found") else: ...

Latest Blogs

  • Our following Python Libraries have been updated to version 43.1.2656 : https://pypi.org/project/resilient https://pypi.org/project/resilient-lib https://pypi.org/project/resilient-circuits https://pypi.org/project/resilient-sdk ...

    1 person recommends this.
  • We have previously communicated changes in VirusTotals license terms and of our intention to adhere to those terms and its impact on current public API key usage. https://community.ibm.com/community/user/security/blogs/ben-williams1/2021/11/19/threat-feed-virustotal-changes ...

  • Hi all, This post aims to share the new feature we made in the v43 version of SOAR to allow Functions to be able to publish updates to the Artifacts listed in the Incident. It provides the capability to extract a table from the built-in or custom Threat ...

    4 people recommend this.
  • This guide shows a quick and simple way to integrate your IBM SOAR with Forcepoint SMC in order to manipulate firewall IP List objects via REST APIs. The use case chosen for this integration blocks IP artifacts on Forcepoint NGFW. This use case can be ...

    2 people recommend this.
  • Earlier this year, VirusTotal changed their license terms (https://developers.virustotal.com/reference/public-vs-premium-api). A consequence of which, is that Public API keys are now limited to 500 queries per day. As our service deals with this you ...

    3 people recommend this.