The Resilient team is pleased to announce the new integration that extends the capabilities of the Resilient platform with QRadar Advisor with Watson Functions to help win the fight against the bad guys. This is the second post describing a new extension with QRadar, and the first post on QRadar Functions can be found here.
Functions Capabilities
Security analysts can use this function package to assess incidents, identify missing threats, and quickly and effectively respond to incidents. The functions will:

- Perform a Watson Search on a Resilient artifact (IP address, hostname, file hash, etc.) and retrieve suspicious observables related to it.
- Perform an extended Watson Search, using local context from your QRadar logs, and retrieve results including a cyber threat intelligence (CTI) report in Structured Threat Information eXpression (STIX2) format.
- Perform a full analysis on a QRadar offense linked to the Resilient incident, and retrieve results including CTI data from QRadar Advisor and IBM Watson in STIX format.

These functions substantially expand the capabilities of an incident response plan. The power of Watson allows a security analyst to dive deeper into artifacts that are being tracked within Resilient and provide context surrounding these artifacts. The information and context provided by these Watson functions are valuable to the analysis and enrichment of an incident.
The Watson functions also take full advantage of the new features in Resilient v30. The new workflow features in Resilient v30 allow users to build dynamic playbooks and automation workflows that call QRadar Advisor with Watson in a completely flexible and customizable way. Below is a screenshot of the Resilient platform and the workflow that can be customized using the “Watson Search” function.

Utilizing Functions in v30
Building and designing workflows and playbooks with Watson functions is faster and easier to maintain in Resilient v30. The dynamic playbooks are more powerful and more adaptable to various needs and use cases. The Resilient workflow design tool allows you to quickly and simply thread functions together in infinite ways, passing the result of one directly to the next, or having it processed by a custom script first.
QRadar Advisor with Watson Functions is the next step in putting smart to work. To use this integration, a customer must have IBM QRadar, IBM Watson, and IBM Resilient. The integration between all three of these powerful tools will enable a security team to map out and analyze incident artifacts and form a swift and calculated response.
The newly published integration, along with its documentation, can be found on the IBM Security App Exchange.
Download from the App Exchange: https://ibm.biz/BdYG4n
If you have any questions or comments about this new release, please comment here or post a new message under the Discussion tab in the Resilient Community.