What's New in earlier versions of the QRadar SOAR Plug-in app

Review the features and enhancements that were introduced in earlier versions of the QRadar® SOAR Plug-in app.

Version 4.1.0

  • Added multi-tenancy support.
  • Added support for organization names in MSSP configuration, in IBM Cloud Pak® for Security 1.10 and later.
  • Added more choices for offense fields when you configure automatic rules.
  • Increased the limit of the message destination name from 25 to 50 characters.

Version 4.0.7

The following updates apply to MSSP configurations:
  • Resolved an issue when you configure the organization mappings.
  • Resolved errors when you use Ariel queries to access organizations.

Version 4.0.6

  • Added support for QRadar Analyst Workflow.
  • Display the case fragment on the Offense Summary page. The fragment contains a link to the corresponding case in IBM® QRadar SOAR Plug-in platform.
  • Refreshed Python package dependencies.

Version 4.0.5

  • The following updates apply to IBM Cloud Pak for Security (CP4S) mode:
    • Removed the prefix logic for the cases-rest endpoint.
    • Allow for fully customizable cases-rest and cases-stomp endpoints.
  • Ability to select the default QRadar domain in an MSSP configuration.

Version 4.0.3

  • Updated the resilient_circuits service to restart after STOMP connection errors.
  • QRadar plug-in password information is now encrypted.
  • Added the QRadar SOAR Plug-in app UD to the message destination name.
  • Resolved an issue with case-sensitive message destinations.
  • Resolved an issue with template field conversion.
  • Resolved an issue with MSSP configuration for connecting to the same organization with overlapping domains and offense IDs.

Version 4.0.0

  • On confirmation of an upgrade, the actions to complete are displayed on the Admin page.
  • Support for API key accounts with MSSP organizations on SOAR platforms V38 and later.
  • Support for multiple IBM QRadar SOAR plug-in integrations synchronizing with a single SOAR platform.
  • Support for IBM Cloud Pak for Security (CP4S) and escalating offenses as cases.
  • One message destination can be used to support both manual and automatic actions.
  • Rules are created for each instance of the SOAR integration app that is configured for the SOAR platform appliance.

Version 3.5.2

  • Fixed a bug in the MSSP add-on where offenses might be escalated to an incorrect organization.
  • Fixed a bug where duplicate escalations might occur during high load on the integration.
  • cafile in app.config is not reset on configuration change.

Version 3.5

  • Support for API key accounts, except when configured for MSSP.
  • Status of the background poller is shown in a new Poller status tab and as a dashboard item.
  • Updated the QRadar SDK.
  • Timeouts apply to all requests made to the SOAR platform.
  • Default memory increased to 500 Mb.
  • Dynamic Additional Artifacts in templates.
  • Offenses automatically escalated in chronological order.
  • Proper placeholders used in automatic escalation’s rule creation form.
  • Extra conditions are added to automatically created rules in the SOAR platform.
  • Renaming, uploading, and creating templates cannot overwrite existing templates.
  • Template renaming does not create a duplicate.
  • Fixed a memory accumulation issue.
  • loglevel in app.config is not reset on every configuration change.