Managing and configuring orchestration and automation
IBM® Security QRadar SOAR provides the tools and technology to automate and orchestrate your cybersecurity response. In this documentation, the terms cases and incidents are sometimes used interchangeably.
Overview
Your IBM Security QRadar SOAR administrator and playbook designer administer and customize the SOAR application to provide the full set of orchestration and automation capabilities to security analysts who are investigating and responding to cases. If you have apps that you want to use with IBM Security QRadar SOAR, an app developer can develop these apps.
- SOAR administrators: IBM Security QRadar SOAR administrators can complete tasks such as setting up roles and permissions for IBM Security QRadar SOAR users, configuring inbound email connections, configuring notifications, and installing integration apps.
- Playbook designers: Playbook designers can create custom playbooks, which drive the orchestration and automation of cybersecurity response. Playbooks are essentially dynamic templates that automatically create case tasks and determine how cases are driven from creation to resolution. Playbook designers typically create different playbooks for different case types and according to their organization's processes and tools. Playbook designers can also customize the layout and content of the Case Management application that analysts use to respond to cases.
- App developer: App developers can develop apps for the SOAR application to access and return external data, interact or integrate with other security systems, or work as a utility that performs a specific action.
Analysts in the case management team typically do not administer the IBM Security QRadar SOAR application or create playbooks and apps, although this depends on your organization. Security analysts are primarily concerned with responding to and managing cases.
IBM Security QRadar SOAR and Case Management
