Features and enhancements in IBM Security QRadar SOAR Platform 51.0.5.0

Add functions to SOAR playbooks with low code

To build integrations for the IBM Security QRadar SOAR Platform with little or no coding required, you can create connector functions by importing OpenAPI spec 3.0 files.

You must deploy connector functions using an App Host.

For more information, see New in 51.0.5.0 Connectors and functions.

Automatic refresh of incidents list

You can toggle the incidents list to update dynamically as changes occur to incidents.

When the Auto refresh toggle is enabled, the incidents list is updated dynamically when incidents for the list presets are created, updated or deleted.

For more information, see Changed in 51.0.5.0 Reviewing the list of incidents.

Add predefined tasks

When adding tasks to an incident, you can select from predefined tasks, where task instructions are already populated.

Users with a role that includes the new Add Predefined Tasks permission can select from a list of predefined tasks when adding a new task to an incident. The Predefined Task list includes enabled automatic tasks, in the order in which they are specified in Phases & Tasks in Customization Settings. Regulatory tasks are not included in the list of predefined tasks.

For more information, see New in 51.0.5.0 Adding a new task.

View playbook change logs

Security analysts and playbook designers can view playbook change history in a new side panel, showing the time of changes, the user who changed the playbook, and comments added.

For more information, see New in 51.0.5.0 Viewing playbook change logs.

Playbook build number

A playbook build number is added to uniquely identify specific versions of playbooks, both within a SOAR organization and across SOAR organizations.

The playbook build number supersedes the playbook revision number, which was not unique across organizations and is deprecated for new playbook instances, but remains for preexisting instances.

For more information, see New in 51.0.5.0 Viewing playbook change logs.

Notification links in emails enabled for SAML users

Accessing notification links in emails is improved for SAML users.

Previously, unauthenticated SAML users clicking a link to an incident were unable to log in from the link.

Modernized login screen

The IBM Security QRadar SOAR Platform login pages have been modernized.