What's new in Cloud Pak for Security 1.10.0

IBM Cloud Pak® for Security 1.10.0 includes new features and enhancements to the platform and core services, and to the applications.

Cloud Pak for Security platform

Single sign-on method of authentication

Use the Security Assertion Markup Language (SAML) protocol to configure the single sign-on (SSO) authentication method between IBM Cloud Pak for Security and an IBM Security Verify enterprise identity source.

Learn more about configuring SSO...

Red Hat® OpenShift® Container Platform 4.10.x support

You can now install Cloud Pak for Security on Red Hat OpenShift Container Platform 4.10.x.

Important:
  • If you are upgrading Cloud Pak for Security to 1.10 and Red Hat OpenShift Container Platform to 4.10.x, you must upgrade Cloud Pak for Security first because earlier versions of Cloud Pak for Security are not supported on Red Hat OpenShift Container Platform 4.10.x.
  • When you upgrade to Red Hat OpenShift Container Platform 4.10.x, you might encounter a warning that the ingresses.v1beta1.extensions API call is deprecated. Acknowledge this warning and proceed with the upgrade.

WalkMe is disabled

In Cloud Pak for Security version 1.10, WalkMe is disabled. In previous versions, the WalkMe tool was enabled to provide guided tours to new users.

Simplified air-gapped environment installation

Installation in an air-gapped environment now requires fewer CLI tools, and doesn't require you to mirror packages from the Red Hat operator catalog that aren't needed.

Learn more about installing Cloud Pak for Security in an air-gapped environment...

IBM Security QRadar® SOAR Case Management and Orchestration & Automation

SOAR for MSSPs

SOAR for Managed Security Service Providers (MSSP) provides managed security service providers with the ability to manage multiple customers' cases from a single dashboard. Customer case data is stored separately, but can be viewed and accessed from one dashboard. Review the known issues for SOAR for MSSP described in Known issues in Cloud Pak for Security 1.10.0.

Learn more about SOAR for MSSPs...

Important: SOAR for Managed Security Service Providers (MSSP) replaces the Global Case Management (Beta) application that was available in previous versions of Cloud Pak for Security.

Email and system notifications

Administrators can configure the application to send system and email notifications when specific conditions occur, for example, if a user is added to a case.

Learn more about notifications...

Learn more about creating email and system notifications...

Learn more about SMTP configuration for notifications...

Playbooks features and enhancements

The Playbooks feature includes several enhancements:
  • Playbooks import and export. For more information, see Exporting and importing Playbooks.
  • Playbook designers can add sub-playbooks to a playbook. Playbook designers can create sub-playbooks to define repeatable activities to use within other playbooks. For more information, see Sub-playbooks.
  • Playbook designers can cancel the running instances of a playbook. For more information, see Canceling a running playbook.
  • Playbook designers can configure the automatic cancellation of playbooks whose activation conditions are no longer true.
  • Playbook designers can design an activation form for manually triggered playbooks where analysts can enter data when they activate the playbook. For more information, see Activation form.
  • Only scripts with object types that are compatible with the playbook's object type are shown in the library.

SOAR search

You can search through all of the SOAR application data for the Cloud Pak for Security account.

Learn more about SOAR search...

Artifacts sidebar view

There is a new artifacts sidebar view from the case Overview tab.

Learn more about the artifacts sidebar...

Edge Gateway
Edge Gateway

The App Host component has been renamed and rebranded to Edge Gateway, and the component is now managed from the General settings > Connections > Edge gateways page in Cloud Pak for Security.

Privacy updates

The Privacy module includes several new updates.

Learn more about the Privacy updates...

IBM Detection and Response Center (Beta)

MITRE enhancements

Support was added to upgrade from MITRE 9.0 to MITRE v10.1, which updates Techniques, Groups, and Software for Enterprise, Mobile, and ICS. Version 10 deprecates the Scheduled Task/Job: Launchd sub-technique. As a result, Detection and Response Center (Beta) redirects that mapping to the parent technique instead. For more information, see Updates - October 2021.

Learn more about MITRE mapping and visualization...