IBM Security SOAR
IBM Security SOAR, a Security Orchestration, Automation, and Response (SOAR) platform, is designed to help your security team respond to cyber-threats with confidence, automate with intelligence, and collaborate with consistency. It captures and codifies your established incident response processes into dynamic playbooks to guide and empower your team with knowledge to resolve incidents. It helps your team accelerate and orchestrate their response by automating actions with intelligence and integrating with other security tools. It also allows your team to visualize and understand security incidents to prioritize and take action.
Challenges Overcome Through Integration
IBM Security SOAR helps you minimize the duration and impact of a cyber attack by automating manual tasks, thereby allowing your team to focus on high-value investigations. Augmenting investigations with external threat data from Recorded Future allows analysts to resolve incidents faster and validate the risk assigned to artifacts while reducing risk to the environment.
The integration between IBM Security SOAR and Recorded Future allows security responders to:
- Enrich incident artifacts with Recorded Future intelligence to reduce time to verdict
- Detect and gain context on threat incidents to help reduce risk in the environment
The Recorded Future integration for IBM Security SOAR automatically enriches artifacts added to incidents.
When an incident responder captures an artifact in SOAR, the integration automates a request to Recorded Future to bring in the latest external threat data for the artifact in question. The enrichment lookup happens as a background task, and the artifact is flagged to the analyst in IBM Security SOAR. Recorded Future also integrates alerts into IBM Security SOAR as new incidents, with additional context on related IOCs including Insikt Notes, for a more complete and confident understanding of potential risks.