IBM Security QRadar SOAR administration

The administrator configures and maintains the administrative parts of the IBM® Security QRadar SOAR applications.

You access the administrative settings from the main menu by selecting Application settings > Case Management > Permissions and access. From the Administrator Settings page, several tabs are available to configure different parts of the application.

Only users granted Admin access to Orchestration & Automation from the platform can access the Case Management > Permissions and access settings. Some examples of administrator tasks include:

User administration: You manage users and their roles from the Users tab. From the Users tab you can assign groups, assign roles, and reassign cases and tasks. You can also create API key accounts to enable integrations or external scripts to access the Orchestration & Automation application through the REST API. When a user is granted access from the IBM Security QRadar Suite platform, the user must first log in to the Case Management application for their details to be shown on the Users tab.
Managing groups: You can create groups of predefined users to easily add the users to cases together. For example, you might have different teams who are added to a case or incident based on the case or incident type, location, or whether there is a malware component to the case. You create groups from the Groups tab.

Managing and assigning roles: A role is a specific set of permissions, which you can assign to users and groups. The Roles tab on the Administrator Settings screen enables you to define and manage roles.; When first accessing the Orchestration & Automation application, all users have a default role assigned. This role is called the Default role and provides permissions to create cases. You can view or change this role but you cannot delete it.

Note: In this guide, the terms incidents and cases are sometimes used interchangeably.