Minimum system requirements
System requirement | Description |
---|---|
QRadar |
You must have QRadar 7.5.0 UP7 installed to use the IBM QRadar SOAR Plug-in 5.x app. If you are using earlier versions of QRadar, search the IBM Security App Exchange to find a compatible version of the IBM QRadar SOAR Plug-in. Earlier versions of the app are not available in IBM QRadar Assistant. You must download them from the IBM Security App Exchange. |
SOAR Platform |
You must have SOAR Platform v46 or later installed. QRadar SOAR Plug-in 5.x does not support multi-tenant configurations. If your deployment is configured for multi-tenancy, do not upgrade the app. |
Content pack |
New in 5.0 The IBM QRadar SOAR Plug-in 5.x content pack contains the rules that are used to send events to SOAR inbound destinations. Download the content pack from IBM Security App Exchange and use the Extension Management tool to install it. |
Port access |
QRadar must have access to
the following ports:
|
QRadar memory |
Ensure that QRadar has at least 800 MB of memory available to run the app. Restriction: The combined memory requirements of all apps that are installed on a QRadar Console cannot exceed 10 percent of
the total available memory. If you exceed the 10 percent memory allocation, the apps do not run.
If your QRadar Console does not have enough memory available to install the app, you can install it on an App Host. For more information, see App Hosts in the QRadar Administration Guide. For more information about how to calculate the amount of memory that is used by apps that are installed on the QRadar Console, see the Apps and Resource Limitation technote (https://www.ibm.com/support/pages/qradar-apps-and-memory-resource-limitation). |
SOAR Platform User Account |
You must have a dedicated SOAR Platform account. You must know the account username and password. The account must have permissions to create cases, and view and modify administrator and customization settings. If you are using the MSSP add-on, the account must also have permissions to access the configuration, global dashboard, and all child organizations. Tip: If you change your SOAR Platform account, make sure that the new
account has the same permissions.
If you are using SOAR for IBM Cloud Pak® for Security, click to create the API key. |
SOAR API key account |
You must have a dedicated SOAR API key account. The account must have the following permissions:
|
API key accounts in an MSSP configuration
If SOAR is configured for Managed Security Service Providers (MSSP), the API key account must have access to ALL of the child organizations. If you change the API key permissions, you must push the configuration to all child organizations.
You can push the API key permissions to the child organizations from the SOAR product interface.
- Go to the configuration organization, which is identified by the icon.
- Select Push Configuration.
Wait a few minutes for the configuration push to complete. You can view the status of the configuration push in the table. Clicking the Status column provides details about the state of the push for each organization.
and click