IBM Security QRadar SOAR overview
IBM® Security QRadar® SOAR is a leading security orchestration, automation, and response (SOAR) solution that is enhanced with alert correlation and enrichment. It provides technology to standardize and automate the response to cybersecurity cases and to track, manage, and resolve them.
If you are a new IBM Security QRadar SOAR user, it is important to become familiar with the key concepts. If your organization is migrating to IBM Security QRadar SOAR, make sure that you familiarize yourself with its key components and with the impact on your existing customizations and integrations.
IBM Security QRadar SOAR and alert correlation and enrichment
IBM Security QRadar SOAR is built on a platform that automatically enriches and correlates alerts.
The QRadar platform ingests alerts from multiple sources, enriches the alerts with context that is used to prioritize them, and correlates the alerts into a case. High-priority cases are provided to an analyst, along with tasks to complete.
Security orchestration, automation, and response
The IBM Security QRadar SOAR solution provides a full set of security orchestration and automation features. Playbooks provide the ability to automate, manage, and respond to cases by streamlining and standardizing response. Based on automatically triggered playbooks, standardized tasks and actions are available for analysts to immediately begin working on cases. IBM Security QRadar SOAR capabilities provide a largely automated, fast, and flexible way for organizations to react to cybersecurity incidents.
Ingest alerts from data sources
You can configure alert collection from third-party devices. Complete configuration tasks on the third-party device, add a data source, and configure the connectors for the data source type in the QRadar platform. The key components that work together to collect events from third-party devices are data sources and data source types.
Integrated tools and apps
You can integrate the IBM Security QRadar SOAR solution with other tools and technology in your environment so that it automatically shares data with those tools and automates actions that they run.
SOAR Breach response add-on and Privacy database
- Breach notification statutes (laws that are passed by a legislature and signed into law)
- Regulations (laws made by agencies)
- Trade organization bulletins
- Guidance documents, including penalties where applicable