Architecture
Changed in 5.0
The architecture of the IBM QRadar SOAR Plug-in 5.0 app incorporates a closer integration between IBM Security QRadar SIEM and IBM Security SOAR, including SOAR for IBM Cloud Pak® for Security. This new architecture allows near real-time escalation of offense data to cases.
Instead of using a poller to pull offenses from QRadar, the app now relies on QRadar to push the offense candidates to an internal SOAR queue for case creation.
The new architecture results in the following improvements:
- Provides greater reliability to ensure that all offenses that are intended for case creation are queued and processed.
- Provides near real-time case creation.
- Provides more fault tolerance when network outages occur between your IBM Security QRadar SIEM and IBM Security SOAR deployments.
To benefit from the improved architecture, you must have current versions of the QRadar SIEM and SOAR platform installed. For more information, see Minimum system requirements.