IBM Security SOAR

View Only

Welcome to the IBM Security SOAR User Community
Join us to learn more from a community of collaborative experts, who will help you take full advantage of the most advanced, battle-tested SOAR technology. IBM Security SOAR is the leading technology for orchestrating and automating incident response processes. Collaborate, communicate, and contribute solutions with like-minded Resilient users right here.

As a member of this online user community, you gain:

Direct engagement with IBM subject matter experts
Tips and tricks from your industry peers
News, announcements, and enhancement details

You’ll also get information regarding our regional and virtual user group meetings, upcoming webinars, how-to blogs, and training. We invite you to participate and ask that you contact support@communitysite.ibm.com with any questions.

IBM Security SOAR Resources

Latest Discussions

Postgresql Replication Status: Not running, Retained ...

By: Sebastian Wong , 2 days ago

HI All, I reverted my Master and DR snapshot and saw this message when doing "sudo resDrStatus" Postgresql Replication Status: Not running, Retained transactions=33495984 bytes File Replication Status: Running (Synced) Both postgresql-9.6 and resilient-filesync ...
Sizing impact on incident creation and processing ...

By: Leonardo Kenji Shikida , 5 days ago

Hi. I have a doubt about the sizing of SOAR (CPU/Mem/etc) and its performance. I was running some very basic tests here, using jmeter, to create incidents via REST and processing a simple python script for each one. My feeling is that increasing ...
RE: Script error when setting field value

By: Ben Lurie , 9 days ago

The data context of an Email parsing script does not have a top-level object called 'incident'. This code finds the incidents you are interested in: incidents = helper.findIncidents(query) if len(incidents) == 0: log.info(u"Incident Not Found") else: ...

Release of v43.1.2656 Python Libraries to PyPi

By: Shane Curtin 3 days ago

Our following Python Libraries have been updated to version 43.1.2656 : https://pypi.org/project/resilient https://pypi.org/project/resilient-lib https://pypi.org/project/resilient-circuits https://pypi.org/project/resilient-sdk ...

1 person recommends this.
Deprecating support for free API key for VirusTotal

By: BEN WILLIAMS 12 days ago

We have previously communicated changes in VirusTotals license terms and of our intention to adhere to those terms and its impact on current public API key usage. https://community.ibm.com/community/user/security/blogs/ben-williams1/2021/11/19/threat-feed-virustotal-changes ...
Decorate Artifacts using SOAR Functions in v43

By: Sam Wang one month ago

Hi all, This post aims to share the new feature we made in the v43 version of SOAR to allow Functions to be able to publish updates to the Artifacts listed in the Incident. It provides the capability to extract a table from the built-in or custom Threat ...

4 people recommend this.
IBM SOAR Forcepoint integration

By: Alaa Elhao one month ago

This guide shows a quick and simple way to integrate your IBM SOAR with Forcepoint SMC in order to manipulate firewall IP List objects via REST APIs. The use case chosen for this integration blocks IP artifacts on Forcepoint NGFW. This use case can be ...

2 people recommend this.
Threat feed - VirusTotal changes

By: BEN WILLIAMS 2 months ago

Earlier this year, VirusTotal changed their license terms (https://developers.virustotal.com/reference/public-vs-premium-api). A consequence of which, is that Public API keys are now limited to 500 queries per day. As our service deals with this you ...

3 people recommend this.