Frequently asked questions

Get answers to the most commonly asked questions about IBM Security® QRadar® SOAR.

What is SOAR?

As defined by Gartner, Security Orchestration, Automation and Response (SOAR) tools allow security teams to take inputs from a variety of sources and apply workflows aligned to previously defined processes and procedures. SOAR technologies introduce efficiency to security operations by enhancing activities such as threat detection and response, and maintaining consistency with people and processes. Read the 2020 Gartner Market Guide on SOAR to learn more.

What is IBM Security QRadar SOAR?

IBM Security QRadar SOAR is the leading platform for orchestrating and automating incident response processes with unique automation, reporting, and privacy capabilities, and numerous integrations with other security and IT tools. Today, numerous SOCs and Fusion centers rely on IBM Security QRadar SOAR to form their incident response hub, the center of their SOC.

What is an incident response playbook?

A playbook is a set of tasks or workflow(s), which may or may not be automated, associated with a specific threat type. It determines the organizational response to a type of threat and guides analysts through the investigation and remediation process, therefore improving consistency and reducing time to respond. IBM Security QRadar SOAR playbooks are unique as they are dynamic and additive, which means that they evolve with an incident as new information is uncovered. Read the white paper on playbook-driven cybersecurity.

What is a workflow?

A workflow codifies and describes a specific set of tasks or action around a particular security process. A playbook is made up of one or multiple workflows. To get up to speed on SOAR, read our white paper “How to Be a SOAR Winner.”

What is security orchestration?

Orchestration refers to the ability of a SOAR platform to integrate with other security tools through defined connectors. Once these disparate security tools are integrated, a SOAR platform such as IBM Security QRadar SOAR can execute a wider orchestration of people, technologies, and processes to respond to security incidents efficiently and effectively. To find other definitions of SOAR terminology read our white paper "How to Be a SOAR Winner".

Is a SOAR tool right for me?

Companies that can fully optimize a SOAR platform such as IBM Security QRadar SOAR need to understand and evaluate internal processes to assess if automation will provide the intended benefits and have the internal skills to customize and leverage the platform on an ongoing basis.

Where can I download applications to build an integration ecosystem for IBM Security QRadar SOAR?

There are over 160 IBM validated and supported applications, as well as community applications that can be integrated with IBM Security QRadar SOAR. You can download these applications from the IBM App Exchange, where new applications are being added regularly.

What is IBM Security QRadar SOAR with Privacy?

IBM Security QRadar SOAR with Privacy allows security teams to integrate privacy reporting tasks and deadlines into their overall incident response playbooks, and work together with your privacy and legal teams to address regulatory requirements. It also helps organizations maintain a single, auditable record of all aspects of their breach response.

Which regulations are supported by IBM Security QRadar SOAR with Privacy?

At the heart of IBM Security QRadar SOAR with Privacy is the Global Knowledgebase, which is a regularly updated database that supports over 170 breach notification regulations globally, including GDPR, PIPEDA, HIPAA, and CCPA, among others. Read the data sheet for more information.

What is the MSSP Add-on?

It’s a capability of IBM Security QRadar SOAR that’s designed to meet the specific requirements of managed SIEM and MDR service providers. It delivers the scalability and predictability that service providers need to grow their security business. Read the solution brief for more information.

Does IBM Security QRadar SOAR integrate with IBM Security QRadar SIEM?

Yes. By integrating IBM Security QRadar SOAR with a SIEM, such as IBM Security QRadar SIEM, you can build out a complete threat management solution that covers detection, investigation and remediation of threats across a wide range of cybersecurity use cases. Read the solution brief for more information.

Does IBM Security QRadar SOAR integrate with IBM Security Verify®?

Yes. The Security Verify Functions for SOAR application allows you to act on user status from SOAR workflows and it updates the incident with results. Download the app from the App Exchange.

Does IBM Security QRadar SOAR integrate with IBM Security MaaS360®?

Yes. The MaaS360 functions for SOAR application enable you to perform certain mobile device management (MDM) actions using MaaS360. Download the app from the App Exchange.


How is IBM Security QRadar SOAR deployed?

IBM Security QRadar SOAR can be deployed on premises, in IaaS, or via the cloud (SaaS). It’s also available as part of IBM Cloud Pak® for Security (on premises).

Is there a community for IBM Security QRadar SOAR users and developers?

Yes. IBM Security QRadar SOAR has a dedicated space within the IBM Security Community. It’s free to join and open to everyone. The community offers a constant stream of freshly updated content, including featured blogs, release updates, and forums for discussion and collaboration. Join the community!

Other common questions

What is IBM Cloud Pak® for Security?

IBM Cloud Pak for Security is a platform comprised of containerized software pre-integrated with Red Hat® OpenShift®. It connects to your existing security tools, and through open standards, it allows you to search for threat indicators across your hybrid, multicloud environment.

Can IBM Security QRadar SOAR be deployed through IBM Cloud Pak for Security?

Yes. IBM Security QRadar SOAR can be deployed through IBM Cloud Pak for Security. As part of IBM Cloud Pak for Security, SOAR seamlessly integrates with Data Explorer and Threat Intelligence Insights.