What's new

Check for new and updated features and enhancements for IBM® Security QRadar® SOAR. Updates are ordered chronologically.

July 2024

Add functions to SOAR playbooks with low code or no code

From the playbook designer canvas, you can add functions to your playbooks from a new Functions > Connectors tab, without deploying apps to Edge Gateway.

Currently, only OpenAPI Spec 3.0 is supported for importing connector functions. Exporting or importing playbooks that contain connector functions is not yet supported, and connector functions do not yet work in MSSP organizations.

For more information, see Connectors and functions.

April 2024

Add indicators for enriched data formats on your dashboards

Add indicators to tabular, big number, pie, bar, and geographic charts in your dashboard search results. Select an indicator to open a Threat Intelligence Insights panel that provides enriched information about the selected field.

The previously mentioned chart types have a Drilldown tab option to open the Threat Intelligence Insights panel. To use this feature, click Drilldown > Type > Open a panel.

For tabular and big number charts, you can see the enriched information directly in the charts. For pie, bar, and geographic charts, you can click parts of the chart and see enriched data format indicators in the panel.

December 2023

Native JSON support for incident fields and data tables
Native JSON field support is added for fields in incidents and data tables, which enables you to edit and validate JSON data and view details as a JSON tree view.
For more information, see Incident fields.

November 2023

Machine learning enrichments
A new machine learning service provides enrichments to alerts from all alert ingestion sources. This service is currently in preview mode.
For more information, see Case correlation and enrichment.
Easier way to manage dashboard parameters
Improved how you manage dashboard parameters in the Manage Parameters window. You can now add labels for a parameter when it’s displayed in the Parameters card on a dashboard. For example, a label might provide more details about how to use the parameter or suggest a use case. You can also add a parameter description to provide more context, if required.

October 2023

Case severity details and explanation
There are significant enhancements to consistently and clearly show how the case severity is determined. Automatically correlated cases now include a case severity that is one of the following: Critical, High, Medium, Low, or Benign. You can now click the case severity to open a sideview that shows the comprehensive information that was used to determine the case severity. You can see a complete list of findings, enrichments, and artifacts that contributed to the case severity score. The severity of each finding, enrichment, and artifact is also shown.
In addition, severities are standardized across cases, findings, artifacts, and enrichments: the severity assigned is one of Critical, High, Medium, Low, or Benign.
  • For more information about case severity in cases, see List of cases.
  • For more information about case severity, see List of cases.

September 2023

Timerange selector in time-based dashboards
Added the ability to select a timerange to display in time-based charts on the dashboard. The dashboard must include at least one widget that uses a time system variable for the time selector to appear. For more information, see Timerange selector.
SOAR Breach Response add-on updates
The following regulator was added in this update.
Regulator Description

Connecticut

Updated the "Resource Library" and "Personal Data Type" logic to include "Precise Geolocation" as a new data type introduced pursuant to the amendment to "Connecticut General Statutes § 36a-701b - Breach of Security - Re Computerized Data Containing Personal Information".

August 2023

This release includes new feature updates and updates to the SOAR Breach Response add-on and enhancements to Case Management.

The following regulators were updated.
Regulator Description

Bank Secrecy Act

Updated the logic and language for the “Monitor for suspicious activity and file SAR as appropriate” task, changing the timeframe for SAR filing from “No Due Date” to “30 Calendar Days”. Fixed the broken URLs to the Bank Secrecy Act and SAR online filing in the Tool Tip, Resource Library, and the task.

New Zealand

Updated the Tool Tip language. Updated the language for “Notify Office of the Privacy Commissioner” task. Specifically, added the notification timeframe recommended by the Commissioner and the link to the Commissioner’s online notification tool.

Costa Rica

Updated the contact information of PRODHAB in the language for “Notify the Data Protection Agency - PRODHAB (Costa Rica)” task.

Japan

Updated the Resource Library by adding the link to the "Q&A on the Guidelines for the Act on the Protection of Personal Information".

July 2023

This release includes new feature updates and updates to the Breach response Privacy module and enhancements to Case Management.

The following regulators were updated in the Privacy module.
Regulator Description

Israel

Updated the timeframe of “Notify the PPA (Israel)” task from "72 hours" to "immediately"; updated the language of “Notify the PPA (Israel)”.

Specifically, added the interpretation of “severe security incidents” according to the new guidance of the Privacy Protection Authority (PPA), updated the PPA’s contact information, and inserted links to the new guidance, the notification form, and the list of examples qualifying as “severe security incidents” of the PPA.

Connecticut

Updated language in the "Resource Library" to include breach notification obligations under the Connecticut Data Privacy Act, 2023.

Updated the "Notify the Connecticut AG" task by inserting the link to the data breach notification portal.

The following regulators were added in this release.
Regulator Description

Vietnam

The Decree No.13/2023 on the Protection of Personal Data (“the Decree”).

Region: Asia

Requirements and Timing: Vietnamese law establishes rules relating to the protection of natural persons regarding the processing of personal data. When a violation of the Decree is detected, the data controller must notify the Department of Cybersecurity and Hi-tech Crime Protection under the Ministry of Public Security about the violation within 72 hours after becoming aware of it.

The new regulator includes the “Notify the Supervisory Authority (Vietnam)” task.

June 2023

This release includes new feature updates and updates to the Privacy module and enhancements to Case Management.

The following regulators were updated in the Privacy module.
Regulator Description

China

Added paper and verbal formats according to the Personal Information Protection Law (PIPL) of 2021 and updated the tool tip language according to the PIPL.

Updated the URL to Personal Information Security Specification and added the URL to its unofficial English translation in the Resource Library and in the tool tip.

Updated the language in the Notify the Appropriate Regulatory Authorities or Ministries (China) task. Specifically, updated the required content of the breach notification and added the director mailbox of CAC.

Updated the language in the Notify Affected Individuals (China) task to add a notification exemption.

China Financial

Updated the URL to Personal Financial Information Protection Technical Specification in the Resource Library and in the tool tip.

Denmark

Updated the URL to download the Dealing with breaches of personal data security PDF in the Resource Library.

Updated the URLs to the Guidance and the online form in the Notify the Supervisory Authority (Denmark) task.

GDPR

Updated the URL to the EDPB's Guidance on Personal data breach notification under Regulation 2016/679 in the Notify the Supervisory Authority task and the Subsequent Notification to Supervisory Authority task for all EEA Regulators.

Jersey

Updated the URL to the Data Protection Authority Law in the Resource Library.

Updated the language in the Notify Affected Individuals (Jersey) task. Specifically, added permitted notification delay and two notification exemptions.

Kansas

Updated the language in the Notify KS Consumers Individually task to reflect delayed notification based on a criminal investigation.

Updated the language in the Notify Credit Bureaus (KS) task to indicate notification for over 1000 consumers is needed without unreasonable delay.

Peru

Updated the URL to Ley de Protección de Datos Personales - Ley No. 29733.