IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Hello, I am currently studying SOAR.SOAR - It is linked with SIEM, and I want to close the SIEM offence using SOAR, but I don't have much information.If you have a playbook or a way, please share it
If your SOAR is linked to QRadar SIEM, you or the QRadar sysadmin must have installed the "IBM QRadar SOAR Plugin" for QRadar.
You can configure this plugin to automatically close an offense when it is closed in SOAR,
On the QRadar console, access the IBM QRadar SOAR Plugin configuration. On the "Preferences" tab check the "Close Offense when Case closes" checkbox.