SOAR administration and organization settings
Based on a knowledgebase of incident response best practices, industry standard frameworks, and regulatory requirements, the IBM Security® QRadar® SOAR helps make incident response efficient and compliant.
The guide provides SOAR Platform administrators with an introduction to the system’s administrative user interface and requirements. The document walks through a setup of a new organization and maintenance of organization-wide settings.
Getting started with the SOAR Platform
You access the SOAR Platform from a web browser. Your administrator provides you with the URL and login information.
Before you log in, make sure that you are using a supported web browser, which is the current release or one release back of each of the following browsers: Chrome, Firefox, Safari, and Edge.
When you log in, you see your username and SOAR organization name in the header.
If you are a member of multiple SOAR organizations on this SOAR Platform, you can switch between the organizations from this menu.
At any time, you can access the documentation and Support information by selecting Help/Contact in the system menu. The Activity Dashboard page, which is the home page when you log in, also has a link to the documentation and Support.
The SOAR Platform supports a number of languages. You can change the language by setting your web browser to your preferred language. If none of the languages you set in your browser are supported, the English language is shown.
SOAR platform administrator settings
In the system menu, click Administrator Settings to view the page where you can tune the system to your specific preferences. From the Administrator Settings page, several tabs are available to configure different parts of the system.
SOAR Breach response add-on privacy add-on
The SOAR Breach response add-on privacy add-on contains the privacy database and the breach notification rules. The add-on is needed to generate data breach compliance tasks in an incident task list. Otherwise, data breach compliance tasks are not generated regardless of an indication of a data breach or breach data that is recorded in the Breach tab.
Managed Security Service Providers add-on
The Managed Security Service Providers (MSSP) add-on option, licensed separately, can manage multiple child organizations from a single global dashboard. Each child organization can be assigned to a different group, division, or company to meet their incident response requirements.
Many of the administrative procedures remain the same; however, you manage the administrative settings in the configuration organization. If you have the MSSP add-on, you need to use the MSSP Add-on Configuration Guide to configure and manage the MSSP add-on components.