Orchestrate incident response with IBM Security Resilient integrations

AbuseIPDB is an IP abuse data clearinghouse and API that crowdsources and aggregates real-time data on IP addresses engaged in malicious activity. The AbuseIPDB integration with Resilient/SOAR automatically checks IP address artifacts from incidents against the AbuseIPDB database, alerting the response team if anyone else has reported malicious activity.

A leading provider of business-driven security management solutions, AlgoSec enables the world’s largest organizations, including 20 of the Fortune 50, to align business and security strategies and manage their network security – helping them to become more agile, secure and compliant.

Anomali automates detection and prioritization of the most serious threats to your organization and promotes a more proactive security posture with insights from cyber threat intelligence. 

Armis, the leading unified asset visibility and security intelligence platform, helps secure the expanded attack surface that connected assets create.

This extension integrates the Armis platform with QRadar, giving security analysts convenient right-click lookups of Armis alerts and device information without leaving the QRadar console. Analysts can also click through to the Armis console.

Attivo Networks, a leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. Attivo Networks® provides security orchestration and incident management through the Resilient SOAR platform, which gives visibility into the environment and threat intelligence from Attivo decoys that feed into the Resilient platform.

With a powerful platform and team of experts, Bugcrowd connects organizations to a global crowd of trusted security researchers. Bugcrowd's integration with Resilient allows users to synchronize accepted submissions from Crowdcontrol to the Resilient platform.

VMware Carbon Black is a leading provider of next-generation endpoint security, leveraging its big data and analytics cloud platform to consolidate prevention, detection, response, threat hunting and managed services into a single platform, with a single agent and single console.

Cisco security products deliver effective network security, incident response, and heightened IT productivity through automation. Cisco and IBM Security deliver effective security in the form of integrated solutions, managed services, and shared threat intelligence. 

Code42 Next-Gen DLP provides simple, fast detection and response to everyday data loss from insider threats by focusing on customer data on endpoints and the cloud. The Code42 for Resilient app combines Resilient’s market-leading automation and incident handling with Code42’s context of file activity to accelerate detection and response to data loss incidents.

CrowdStrike, the leader in cloud-delivered endpoint security, offers instant visibility and protection and prevents endpoint attacks on or off network. The CrowdStrike Falcon Extensions for Resilient enable you to ingest Detections or IOCs and leverage Sandbox Analysis to scan for potential malware. You can automate security playbooks to isolate and identify threats for effective response.

Cybereason is an Endpoint Protection Platform that offers multi-layered endpoint prevention, detection and response and active monitoring. The Cybereason app enables users to leverage the power of the Cybereason Platform within Resilient. Using the app, analysts can now automatically import high fidelity alerts, investigate and respond to incidents within the Resilient workflow.

EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. They develop analyst-centric products that align their clients' cybersecurity focus with their threat reality. Additionally, they tightly integrate their solutions with their customers' IT security controls and systems.

Everbridge is a global software company that provides enterprise software applications that automate and accelerate organizations' operational response to critical events in order to keep people safe and businesses running. The integration with Resilient allows you to utilize the power of an enterprise incident response solution with the collaboration capabilities of Everbridge. 

Intezer's Genetic Malware Analysis technology offers enterprises automated malware analysis for improving their security operations and accelerating incident response. The integration with Resilient enriches threat investigations with unique intelligence, including code and string reuse, malware family classification, and threat actor attribution. 

McAfee is the device-to-cloud cybersecurity company. The combination of McAfee products with Resilient’s Incident Response Platform ensures security analysts can operationalize threat intelligence data in real time, allowing them to focus their energy on investigation and response.

Mimecast is a cybersecurity company that helps thousands of organizations worldwide make email safer and strengthen their cyber resilience. The Mimecast integration with Resilient delivers a more complete SOAR platform. The Mimecast Actions Add-On offers 22 actions to help customers enrich SOC automation and broaden the scope of playbook-driven incident response and remediation.

Netskope, the SASE leader, combines CASB, SWG, and ZTNA natively in a single platform that is fast everywhere, data-centric, and cloud-smart.
The Netskope application for IBM SOAR enables customers to surface dangerous cloud activities and take action in response. Actions include pulling enrichment logs and sharing malicious IP addresses/URLs with Netskope for policy use.

Proofpoint, Inc. (NASDAQ:PFPT) is a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. The user context Proofpoint/ObserveIT provides will streamline your Resilient investigations. The included automated workflow functions will bring the ObserveIT insights to your incidents either automatically or with the click of a button.

Data tells a story; Polarity helps you see it with Augmented Reality, overlaying contextual info as you work for superhuman Data Awareness and Recall. Polarity searches Resilient for incident information and allows users to take notes related to that incident.

Recorded Future offers both off-the-shelf and custom features that Resilient users can use to bring real-time threat intelligence into the security operations center. 

Red Hat Ansible Automation Platform provides enterprise automation for the entire IT organization, no matter where you are in your automation journey. Security teams can leverage the Resilient SOAR Platform and Red Hat Ansible Automation Platform to automate and orchestrate response to security incidents across their business.

ReversingLabs is a provider of explainable threat intelligence solutions that better support security analysts in their IR decision-making process. ReversingLabs provides Resilient with threat intelligence based on human-readable indicators and transparency in analysis that enables SOCs to confidently verify alerts, automate incident response and develop threat skills.

SUSE NeuVector, the leader in Full Lifecycle Container Security, offers a cloud-native Kubernetes security platform. NeuVector integrates with the IBM Resilient SOAR product; the integrations will also work with the IBM Cloud Pak for Security platform's integrated SOAR capability.

Tufin enables organizations to automate security policy visibility, risk management, provisioning and compliance across their hybrid environment. The playbooks designed in IBM Resilient leverage Tufin to improve continuous security as well as accelerate response to an attack with accurate information about the network security devices and policies, thus providing visibility and automation.

TruSTAR is an intelligence platform that helps enterprises leverage multiple sources of intelligence and fuse them with their own event data to prioritize and enrich investigations. The integration with Resilient instantly enriches and prioritizes correlations to accelerate analyst workflow, saving time and costs.

Whispir is an omni-channel communication platform that extends the capabilities of an organization's security operations center. With the Whispir integration, incident response and resolution communications can transition from alerts to actionable, interactive conversations.

150+ security vendors work with IBM to offer integrations and solutions