What's new

Stay up to date with the new features that are available in the IBM QRadar SOAR Plug-in app 5.x so that you can respond to cyberthreats faster and more efficiently.

Version 5.5.0

  • Resolved application UI tab focus issue.
  • Improved the retry logic for case creation when automatic offense escalation fails.
  • Updated manual escalation to use the same architecture as automatic escalation.
  • Improved the error message that is returned on a CONFLICT status during app configuration so that the cause is easier to diagnose.
  • Updated Python package dependencies to newer versions to mitigate security vulnerabilities.
  • Addressed an offense note duplication issue that occurred when the SOAR Plug-in app and Enhanced Data Migration (a SOAR app) are used together.

Version 5.4.0

  • Enabled multi-tenancy support to create multiple plug-in app instances.
  • Updated Python package dependencies to newer versions to mitigate security vulnerabilities.
  • Updated automatic escalation condition rules with integer values.
  • Clarified offense notes originating from SOAR.
  • In multi-tenanted instances, the mapping tab restricts domain mapping to only those domains that are assigned to the security profile of an instance.

Version 5.3.1

  • Resolved installation conflict with IBM QRadar 7.5.x UP7.
  • Improved escalation reliability during network outage.
  • Removed the ability to adjust the number of worker threads from the user interface, because that setting is less relevant in the new architecture.
  • Addressed security vulnerabilities. These updates impact template naming conventions. For more information, see Upgrading the app.
  • Added resiliency when connection errors occur, queuing the case action for reprocessing when the connection error is resolved.
  • Added deduplication of artifact creation for faster case processing.
  • Added logic to avoid creating duplicate cases for the same offense.

Version 5.0.3

  • Addressed security vulnerabilities.
  • Bug fixes for automatic escalations and templates.

Version 5.0.0

  • Multi-tenancy is disabled.
  • Updated architecture. Learn more about the architecture improvements...
  • New features in the product interface: enable the DEBUG logging level, push the SOAR configuration from the Plug-in app UI, and download log and configuration files from the user interface.
  • SOAR user accounts can no longer be used for authentication. You must have an API Key Account to authenticate.

Minimum QRadar version

The IBM QRadar SOAR Plug-in app 5.0 works only with IBM QRadar 7.5.x UP7 or later.

Learn more about the minimum system requirements...

Architecture improvements

Instead of using a poller to pull offenses from QRadar, the app now relies on QRadar to push the offense candidates to an internal SOAR queue for case creation. You might see improvements to performance and reliability as a result of this change.
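The queue semantics described here, together with the 5.3.1 items on re-queuing case actions after connection errors and avoiding duplicate cases for the same offense, can be modelled in a few dozen lines. The following is an added illustrative example, not code from the plug-in or from IBM; every class, function and error name in it is hypothetical, the offense candidates and the SOAR client are constructed test doubles, and no claim is made about the plug-in's internal data structures.

```python
"""Illustrative model of a push-based offense escalation queue (added example,
not the plug-in's own code). Offense candidates are pushed onto an internal
queue, case creation is deduplicated per offense ID, and a candidate whose
SOAR call fails with a connection error is re-queued for reprocessing.
All names below are hypothetical."""
from collections import deque
from dataclasses import dataclass, field
from typing import Any


class SoarConnectionError(Exception):
    """Hypothetical error type: the SOAR endpoint could not be reached."""


@dataclass
class OffenseCandidate:
    offense_id: int          # stable QRadar offense identifier, used as the dedup key
    description: str
    attempts: int = 0        # how many times case creation has been tried


@dataclass
class EscalationQueue:
    client: Any                                   # anything with create_case(candidate) -> case_id
    max_attempts: int = 3                         # bound on re-queuing per candidate
    queue: deque = field(default_factory=deque)
    created: dict = field(default_factory=dict)   # offense_id -> case_id
    failed: list = field(default_factory=list)    # offense IDs that exhausted max_attempts

    def push(self, candidate: OffenseCandidate) -> None:
        """QRadar side: push an offense candidate onto the internal queue."""
        self.queue.append(candidate)

    def process(self) -> dict:
        """Drain the queue once. An offense that already has a case is skipped,
        and a connection error re-queues the candidate instead of dropping it."""
        for _ in range(len(self.queue)):
            cand = self.queue.popleft()
            if cand.offense_id in self.created:
                continue                          # idempotency: one case per offense
            cand.attempts += 1
            try:
                case_id = self.client.create_case(cand)
            except SoarConnectionError:
                if cand.attempts < self.max_attempts:
                    self.queue.append(cand)       # reprocess once connectivity returns
                else:
                    self.failed.append(cand.offense_id)
                continue
            self.created[cand.offense_id] = case_id
        return dict(self.created)


class FlakySoarClient:
    """Constructed test double: the first `outage_calls` calls raise a connection error."""

    def __init__(self, outage_calls: int):
        self.outage_calls = outage_calls
        self.calls = 0
        self.next_case_id = 1000

    def create_case(self, candidate: OffenseCandidate) -> int:
        self.calls += 1
        if self.calls <= self.outage_calls:
            raise SoarConnectionError("SOAR unreachable")
        self.next_case_id += 1
        return self.next_case_id


def demo():
    """Offense 42 is pushed twice (rule re-fired) during a short SOAR outage."""
    client = FlakySoarClient(outage_calls=2)
    q = EscalationQueue(client)
    for cand in (OffenseCandidate(42, "Brute force"),     # constructed sample data
                 OffenseCandidate(43, "Malware beacon"),
                 OffenseCandidate(42, "Brute force")):
        q.push(cand)
    q.process()   # both first attempts fail and are re-queued; the duplicate 42 succeeds
    q.process()   # re-queued 42 is skipped (case exists), 43 now succeeds
    return q, client


def exhausted_demo():
    """A long outage: the candidate is re-queued until max_attempts, then recorded as failed."""
    q = EscalationQueue(FlakySoarClient(outage_calls=10), max_attempts=2)
    q.push(OffenseCandidate(7, "Data exfiltration"))
    q.process()
    q.process()
    return q


if __name__ == "__main__":
    q, client = demo()
    print(q.created, client.calls, q.failed)   # one case per distinct offense
```

The dedup key must be a stable identifier for the offense, not the candidate object, otherwise a rule that fires twice for the same offense produces two cases; and a production consumer would persist both the queue and the offense-to-case map so that a restart during an outage neither loses queued work nor re-creates cases that already exist.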

Learn more about the architecture improvements...

New capabilities in the product interface

The following capabilities are added in QRadar SOAR Plug-in 5.0:

Inbound destinations

In QRadar SOAR Plug-in 5.x, the inbound destinations for SOAR and QRadar are created automatically.

Before you configure the app, you must copy the SOAR CA certificates to the QRadar Console to allow access to the SOAR inbound destinations.

Learn more about configuring access to the inbound destinations...

Authentication changes

SOAR user accounts can no longer be used for authentication. You must have an API Key Account to authenticate.

Learn more about configuring API Key Account authentication...

Terminology used in this document

You can use the IBM QRadar SOAR Plug-in app with several different SOAR instances.

In SOAR for IBM Cloud Pak for Security, the term case is used to refer to an incident or event in which data or a system might be compromised. IBM Security SOAR Platform uses the term incident.

In this document, case is used throughout, but it can be used interchangeably with incident.