IBM Security Resilient
IBM® Security Resilient® remediates incidents in IBM Security Verify by interacting with user profiles. This integration contains multiple functions for remediation actions that act on user statuses, manually or automatically, and update the incident with the result.
For more information on IBM Security Resilient, see https://www.ibm.com/support/knowledgecenter/SSBRUQ.
The included actions in this integration are:
- Add User Entitlement
  - Entitle a Verify user for an existing Verify application.
  - To validate the action:
    - Open your Verify tenant administration console.
    - Go to Applications -> Your application settings.
    - Go to Entitlements. The added user is present under Entitlements.
- Remove User Entitlement
  - Disable application entitlements for Verify users.
  - To validate the action:
    - Open your Verify tenant administration console.
    - Go to Applications -> Your application settings.
    - Go to Entitlements. The added user is removed from the application's Entitlements.
- Add User to Group
  - Add a Verify user into an existing Verify Group.
  - To validate the action:
    - Open your Verify tenant administration console.
    - Go to Users and groups -> Groups -> Your group.
    - The user is added to the group members.
- Remove User from Group
  - Remove a Verify user from an existing Verify Group.
  - To validate the action:
    - Open your Verify tenant administration console.
    - Go to Users and groups -> Groups -> Your group.
    - The user is removed from the group members.
- Reset User Password
  - Reset a Verify user's password.
  - To validate the action:
    - Check the user's email for the new password.
- Set User Inactive
  - Make a Verify user inactive.
  - To validate the action:
    - Open your Verify tenant administration console.
    - Go to Users and groups -> Users.
    - Click 'user details' for your user. The status of the user is 'Disabled'.
Installation
Download the package at https://exchange.xforce.ibmcloud.com/hub/extension/206ad33a6275c76b4c8a774a7bc8d4ec.
To install the extension, extract the package and run:
pip install .\ci_resilient/
After installation, the package is loaded by running:
resilient-circuits run
Inputs:
Name | Type | Required | Example |
---|---|---|---|
ci_tenant | string | Yes | <yourTenant.ibmcloud.com> |
client_id | string | Yes | 1234567889800 |
client_secret | string | Yes | secret |
ci_username | string | Yes (depends on action) | ci_resilient_user |
ci_applicationname | string | Yes (depends on action) | frankly |
ci_group_id | string | Yes (depends on action) | 64000572LO |
Output Example:
Successfully Added user (ci_resilient_user) to group
Example Pre-Process Script:
inputs.authorization = workflow.properties.access_token.value
inputs.ci_applicationname = rule.properties.ci_applicationname
inputs.ci_username = rule.properties.ci_username
inputs.ci_tenant = rule.properties.ci_tenant
Example Post-Process Script:
incident.addNote(results.value)