Features and enhancements in IBM Security QRadar SOAR Platform 51.0.2.0

IBM Security QRadar SOAR Platform 51.0.2.0 includes new features and updates to the SOAR Breach response add-on privacy module.

Certificate validation for email connections

When configuring inbound email connections, you can choose between a client secret or certificate validation for the OAuth protocol.

For more information, see Configuring an inbound email connection.

Run actions permission

A new permission under Incident Permissions controls if a user can invoke actions on an object type. This new permission, Run Actions, enables users who do not have the Edit Incident permission to make changes to an incident by running a playbook, workflow, or rule that modifies the incident.

Users without Edit Incident permissions cannot directly make any changes to incidents. However, they can run playbooks that can modify the incident, as these are predefined operations on the incident. Playbooks, designed by playbook designers, specify what can be changed on an incident. The new Run Actions permission only enables the user to execute previously designed playbooks.

For more information about incident permissions, see Categories.

pgBackRest enhancements

You can now run the resExpireBackup command without any parameter. When you run resExpireBackup without a parameter, the system keeps only the latest full backup set (one full backup plus its incremental backup files). WAL archives for the previous backup set are also removed.