IBM Security Resilient

IBM® Security Resilient® remediates incidents in IBM Security Verify by interacting with user profiles. This integration contains multiple functions for remediation actions that act on user statuses, manually or automatically, and update the incident with the result.

For more information on IBM Security Resilient, see https://www.ibm.com/support/knowledgecenter/SSBRUQ.

The included actions in this integration are:

Add User Entitlement
Entitle a Verify user for an existing Verify application.
To validate the action:
  1. Open your Verify tenant administration console.
  2. Go to Applications -> Your application settings.
  3. Go to Entitlements. The added user is present under Entitlements.
Remove User Entitlement
Disable application entitlements for Verify users.
To validate the action:
  1. Open your Verify tenant administration console.
  2. Go to Applications -> Your application settings.
  3. Go to Entitlements. The added user is removed from application Entitlements.
Add User to Group
Add a Verify user into an existing Verify Group.
To validate the action:
  1. Open your Verify tenant administration console.
  2. Go to Users and groups -> Groups -> Your group.
  3. The user is added to the group members.
Remove User from Group
Remove a Verify user from an existing Verify Group.
To validate the action:
  1. Open your Verify tenant administration console.
  2. Go to Users and groups -> Groups -> Your group.
  3. The user is removed from the group members.
Reset User Password
Reset a Verify user's password.
To validate the action:
  1. Check the user's email for the new password.
Set User Inactive
Make a Verify user inactive.
To validate the action:
  1. Open your Verify tenant administration console.
  2. Go to Users and groups -> Users.
  3. Click 'user details' of your user. The status of the user is 'Disabled'.
Installation

Download the package at https://exchange.xforce.ibmcloud.com/hub/extension/206ad33a6275c76b4c8a774a7bc8d4ec.

To install the extension, extract the package and run:
pip install ./ci_resilient/
After installation, the package is loaded by running:
resilient-circuits run

Inputs:

Name                Type    Required                 Example
ci_tenant           string  Yes                      <yourTenant.ibmcloud.com>
client_id           string  Yes                      1234567889800
client_secret       string  Yes                      secret
ci_username         string  Yes (depends on action)  ci_resilient_user
ci_applicationname  string  Yes (depends on action)  frankly
ci_group_id         string  Yes (depends on action)  64000572LO
Output Example:
Successfully Added user (ci_resilient_user) to group
Example Pre-Process Script:
inputs.authorization = workflow.properties.access_token.value
inputs.ci_applicationname = rule.properties.ci_applicationname
inputs.ci_username = rule.properties.ci_username
inputs.ci_tenant = rule.properties.ci_tenant
Example Post-Process Script:
incident.addNote(results.value)
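
The following is an added example, not code from the integration: a Python check that can run before an action is invoked, confirming that the inputs listed above are present and that ci_tenant is a bare hostname under an expected suffix, so the request carrying the credentials is not sent to an unintended host. The action labels, the per-action input mapping and the .ibmcloud.com suffix are assumptions made for illustration.

```python
import re

# Assumption: tenants live under this suffix, taken from the page's example
# value <yourTenant.ibmcloud.com>; change it to match your deployment.
ALLOWED_TENANT_SUFFIX = ".ibmcloud.com"

# Assumption: hypothetical action labels, and which "depends on action" inputs
# each one needs, inferred from the action descriptions on this page.
ACTION_INPUTS = {
    "add_user_entitlement": ("ci_username", "ci_applicationname"),
    "remove_user_entitlement": ("ci_username", "ci_applicationname"),
    "add_user_to_group": ("ci_username", "ci_group_id"),
    "remove_user_from_group": ("ci_username", "ci_group_id"),
    "reset_user_password": ("ci_username",),
    "set_user_inactive": ("ci_username",),
}
ALWAYS_REQUIRED = ("ci_tenant", "client_id", "client_secret")

# Bare DNS hostname: labels of letters, digits and hyphens, nothing else.
_HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


def validate_inputs(action, inputs):
    """Return a list of problems; an empty list means the inputs are acceptable."""
    if action not in ACTION_INPUTS:
        return ["unknown action: %s" % action]
    problems = []
    for name in ALWAYS_REQUIRED + ACTION_INPUTS[action]:
        value = inputs.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append("missing required input: %s" % name)
    tenant = inputs.get("ci_tenant")
    if isinstance(tenant, str) and tenant.strip():
        host = tenant.strip().lower()
        # Reject a scheme, path, port or userinfo: any of them could redirect
        # the request that carries the credentials.
        if not _HOST_RE.match(host):
            problems.append("ci_tenant must be a bare hostname")
        elif not host.endswith(ALLOWED_TENANT_SUFFIX):
            problems.append("ci_tenant is outside %s" % ALLOWED_TENANT_SUFFIX)
    return problems
```

A non-empty result can be written to the incident as a note instead of invoking the action.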