IBM SOAR | Recorded Future


Product Overview

IBM Security Resilient, a Security Orchestration, Automation, and Response (SOAR) platform, is designed to help your security team respond to cyber-threats with confidence, automate with intelligence, and collaborate with consistency. It captures and codifies your established incident response processes into dynamic playbooks to guide and empower your team with knowledge to resolve incidents. It helps your team accelerate and orchestrate their response by automating actions with intelligence and integrating with other security tools. It also allows your team to visualize and understand security incidents to prioritize and take action.

Challenges Overcome Through Integration

Resilient helps you minimize the duration and impact of a cyber attack by automating manual tasks, allowing your team to focus on high-value investigations. Augmenting investigations with external threat data from Recorded Future allows analysts to resolve incidents faster and validate the risk assigned to artifacts while reducing risk to the environment.

The integration between IBM Security Resilient and Recorded Future allows security responders to:

  • Enrich incident artifacts with Recorded Future intelligence to reduce time to verdict
  • Detect and gain context on threat incidents to help reduce risk in the environment


Integration Description

The Recorded Future integration for Resilient automatically enriches artifacts added to incidents.

When an incident responder captures an artifact in Resilient, the integration automates a request to Recorded Future to bring in the latest external threat data for the artifact in question. The enrichment lookup happens as a background task, and the artifact is flagged to the incident responder in Resilient when the enrichment is available.

Artifact types available for enrichment include IPs, Domains, Hashes, and Vulnerabilities (CVEs). Recorded Future data on the artifact continues to be updated automatically and periodically until the parent incident is closed.