Hi Jared,
Thanks for the feedback. It's great to hear, and keep it coming!
1 : You're the second person to mention this, and we know we've had requests in the past to filter notes by different mechanisms, so definitely something we'll consider.
2 : We're adding support for scanning attachments in the imminent 1.1 update, which will also include:
- Incident Q&A in multiple languages – English, French, German, Portuguese and Spanish.
- Attachments can now be scanned via pre-built action and are also included in Incident Q&A context.
- Enhanced file type support for scanning or Incident Q&A – PDF, Word, Excel, email, images, python, HTML, etc.
- Quality improvements and updated model support
- Guardrails to reject non-security requests.
3 : It's worth noting that while we currently only support watsonx, within our playbooks you can select granite, llama or mistral as your LLM of choice.
That aside, any observations on how we're handling custom fields in responses?
This is the big unknown for us and we're keen to get feedback on this point (that applies to anyone reading this :-), email me direct if that's easier.
------------------------------
Martin Feeney
Product Manager, IBM Security QRadar SOAR
martin.feeney@ie.ibm.com
------------------------------
Original Message:
Sent: Thu April 03, 2025 08:37 PM
From: Jared Fagel
Subject: Announcing watsonx app for SOAR - Feedback wanted
Hi Martin,
This is great. I have come to share 3 suggestions/comments:
- I believe notes can get messy, so I'd like to see some way to organize notes on an incident into spaces where Generative AI chat could be in one of those spaces. See more: https://ideas.ibm.com/ideas/RIRP-I-1568
- An extremely common use case is referencing an attachment with a Generative AI chat. For example, I may have an obfuscated script I would like decoded or broken down by AI. In order to do this, it would be great if there was some way to associate an attachment with a note -- then in our functions we could have that sucked into the LLM. Only some genAI models support sending attachments via API today, but that list is growing.
- WatsonX is supported. Cool! I expect other generative AI integrations will follow from the community and/or IBM, as all organizations have their own standards and policies around which models are authorized and supported internally.
Good work, look forward to continued innovation.
------------------------------
Jared Fagel
Cyber Security Analyst
ALLETE Inc.
Original Message:
Sent: Tue December 03, 2024 03:11 PM
From: Martin Feeney
Subject: Announcing watsonx app for SOAR - Feedback wanted
Hi Everyone,
Today we've published our first ever AI app for QRadar SOAR where we bring watsonx powered Artifact analysis and Incident Question-and-Answers to SOAR.
Please check out the watsonx.ai for SOAR Analysts
The approach we're taking:
- Deliver as an app, so you have no new deployment footprint to deal with.
- No core UX changes so easy to adopt in existing analyst workflows.
- Support for custom fields so it's ready to respond to your data
- Documented watsonx trial onboarding to simplify getting started.
- Later on, bring your own watsonx license for production use, similar to threat intel feeds.
What we're delivering:
- Notes based @watsonx Q&A which understands the context of the current incident
- Pre-built playbooks with fine-tuned prompts and pre-selected models for quality and performance.
- Summarize incidents in seconds
- Understand what complex scripts do in a fraction of the time it takes today
- Clearly identifiable watsonx responses to allow your analysts to make their own decisions.
- Powered by playbooks so easy to customise to your needs.
While every effort has been made to ensure we deliver value to you in this first release, we do appreciate that you each have your own unique data models and workflows. Therefore we have released this first version as "early access" in order to solicit feedback from you on how the app performs in your environments. Please provide feedback in the Ideas Portal, or else directly through your IBM contacts such as Customer Success Managers, sales people, expert labs engagements, lab advocates, etc.
------------------------------
Martin Feeney
Product Manager, IBM Security QRadar SOAR
martin.feeney@ie.ibm.com
------------------------------