What's new in the IBM QRadar SOAR Plug-in app

Stay up to date with the new features that are available in the IBM® QRadar® SOAR Plug-in app 5.0 so that you can respond to cyberthreats faster and more efficiently.

Minimum QRadar version

The IBM QRadar SOAR Plug-in app 5.0 works only with IBM QRadar 7.5.0 UP4 or later.

Architecture improvements

Instead of using a poller to pull offenses from QRadar, the app now relies on QRadar to push the offense candidates to an internal SOAR queue for case creation. You might see improvements to performance and reliability as a result of this change.

New capabilities in the product interface

The following capabilities are added in QRadar SOAR Plug-in 5.0:

Inbound destinations

In QRadar SOAR Plug-in 5.0, the inbound destinations for SOAR and QRadar are created automatically.

Before you configure the app, you must copy the SOAR CA certificates to the QRadar Console to allow access to the SOAR inbound destinations.

Authentication changes

SOAR user accounts can no longer be used for authentication. You must have an API Key Account to authenticate.

Terminology used in this document

You can use the IBM QRadar SOAR Plug-in app with several different SOAR instances.

In SOAR for IBM Cloud Pak for Security, the term case is used to refer to an incident or event in which data or a system might be compromised. IBM Security SOAR Platform uses the term incident.

In this document, case is used throughout, but it can be used interchangeably with incident.