IBM Security QRadar SOAR overview

IBM® Security QRadar® SOAR is a leading security orchestration, automation, and response (SOAR) solution that is enhanced with alert correlation and enrichment. It provides technology to standardize and automate response to cybersecurity cases and to track, manage, and resolve those cases.

If you are a new IBM Security QRadar SOAR user, it is important to become familiar with the key concepts. If your organization is migrating to IBM Security QRadar SOAR, make sure that you familiarize yourself with the key components of IBM Security QRadar SOAR and with their impact on your existing customizations and integrations.

IBM Security QRadar SOAR and alert correlation and enrichment

IBM Security QRadar SOAR is built on a platform that automatically enriches and correlates alerts.

The QRadar platform ingests alerts from multiple sources, enriches the alerts with context that is used to prioritize them, and correlates related alerts into a case. High-priority cases are presented to an analyst together with tasks for the analyst to complete.

Security orchestration, automation, and response

The IBM Security QRadar SOAR solution provides a full set of security orchestration and automation features. Playbooks provide the ability to automate, manage, and respond to cases by streamlining and standardizing response. Based on automatically triggered playbooks, standardized tasks and actions are available for analysts to immediately begin working on cases. IBM Security QRadar SOAR capabilities provide a largely automated, fast, and flexible way for organizations to react to cybersecurity incidents.

Ingest alerts from data sources

You can configure alert collection from third-party devices. Complete configuration tasks on the third-party device, add a data source, and configure the connectors for the data source type in the QRadar platform. The key components that work together to collect events from third-party devices are data sources and data source types.

Integrated tools and apps

You can integrate the IBM Security QRadar SOAR solution with other tools and technology in your environment so that it automatically shares data with those tools and automates actions that are run by them.

SOAR Breach response add-on and Privacy database

Available as an additional entitled feature, the SOAR Breach response add-on and its breach notification rules generate data breach compliance tasks for privacy and breach response cases. IBM Security QRadar SOAR maintains a database of the following privacy-related and breach-related items:
  • Breach notification statutes (laws that are passed by a legislature and signed into law)
  • Regulations (laws made by agencies)
  • Trade organization bulletins
  • Guidance documents, including penalties where applicable

Important: Make sure that you become familiar with the key concepts, benefits, and impact of IBM Security QRadar SOAR on any existing SOAR apps, integrations, and customizations that are already in your environment. For more information, see Migrating to SOAR on the QRadar platform.