In the newly released v32 of Resilient there have been a number of important additions and changes. Visually, you are starting to see the transformation of the platform’s UI to IBM Studio’s Carbon styling. Additionally, we’ve improved on our existing email experience by delivering a new in-product email capability with an initial focus on inbound email and usability.

Email ingestion of security alerts is an integral part of responding to incidents. The new in-product inbound email feature in v32 of Resilient has been made available during a time where email-driven phishing attacks are one of the most common investigations for security teams.

These features improve on the existing email connector by simplifying the setup, maintenance, and processing of email alerts ingested into the Resilient platform. This is accomplished by bringing all aspects of the email processing into the main platform UI. Our goal was to reduce the time and effort in email processing and remove any impediments for a fully integrated response.

Introducing the Improved Features of the In-Product Email Connector in Resilient:

Emails are now integrated objects within an incident and can be found under their own “email” tab within an incident. The email tab contains the email that generated the incident and populated the incident with the artifacts: 

To make the setup easier, email connections can be defined and tested within the UI. If testing new connections generates certificate errors, there is the ability to add and upload new certificates on that page. There is also the ability to add more than one connection, so you can add multiple inbound connections per organization: 

 Emails will now be directly referenceable within UI contexts, such as rules and scripts. And the new triage inbox highlights emails that haven’t been associated with an incident by automatic processing. The rules take a new object type of “email message” that the script is being run off of. This is new for v32 of Resilient when it comes to object types: 

 The updates in the v32 release also enhance the integrated response capabilities within Resilient. The generic email parsing script that is available on the IBM Security App Exchange is also being delivered in combination with the In-Product email feature. This generic script will kickstart customers who are working to get this feature up and running. It will create or update incidents, and it will also create artifacts. It is designed to customize your environment and provide more realistic response scenarios.

This first release focuses on inbound email and triage inbox, subsequent releases will enhance initial capabilities as well as adding support for outbound emails.

The triage inbox is there for emails that fail to get automatically processed and associated with an incident. The email ID is provided to help with debugging in the script editor which can help with troubleshooting. There is the option to download the email to view offline or the option to delete the email. These are permission controlled as well: 

 The Ongoing UI Refresh of Resilient

From the screenshots above you may have noticed some aesthetic changes to the platform UI.  Along with the new email updates in v32, the Resilient platform has received a makeover to map to IBM Design Studio’s Carbon styling. The IBM Design Studio provides a full library of HTML and SCSS to get a consistent look and behavior across IBM Security products.

This will be an ongoing area of improvement with the upcoming releases, but this first phase allows for enhanced viewing on the full-width screens that are frequently used in the SOC. There are also slight layout changes like moving the Incident Details sidebar to the right for better navigation and visibility across panes: 

To watch a replay of the full webinar on v32 of Resilient that highlights all of the updates and new features, please click here. The slides from this webinar can be found here. This webinar also features Monica Dubeau, Privacy Program Manager, who highlights the significant updates to the Privacy module to support new global regulations.