QRadar SOAR’s sophisticated case management capabilities provide analysts with an accessible view of additional incident context to accelerate and improve their investigation process. Additionally, dashboard visualizations and case reporting help summarize and share key metrics and findings across teams, providing visibility across your organization.
The ability to generate reports from directly within QRadar SOAR, on either a singular incident or multiple incidents, makes it easy to share information across teams and with leadership to improve visibility and clarity across the incident response process.
Winner of the Red Dot Design Award, QRadar SOAR’s Playbook Designer is a powerful tool built to help your security teams accelerate incident response. With dynamic, low-code functionality, fully automated playbooks can be designed in minutes and without any coding.
Playbook Designer is an intuitive, graphical user interface, purpose-built for automation engineers to create and customize both manual and automatic responses. Playbook Designer provides a library of pre-built tasks, scripts, functions, sub-playbooks and condition points available for immediate use. The user experience offers click-and-drag functionality for adding nodes to the canvas, and the ability to connect those nodes in countless ways to execute your process with your desired logic.
Data Navigator, released in v49.0 of QRadar SOAR, is a low-code function configuration framework available in Playbook Designer. Data Navigator allows function inputs to be configured in seconds and with just a few clicks, without the need to write any code. In previous versions of QRadar SOAR, defining inputs for functions and sub-playbooks required Python and scripting knowledge. With Data Navigator, Playbook Designer now provides dynamic and sub-playbook inputs in an intuitive Playbook Schema menu. For users who prefer Python for scripting configurations, we still expose Data Navigator in both the fields tab and scripting tab experiences.
Playbook Go-Back, released in v51.0.1.0 of QRadar SOAR, is an enhancement to our looping functionality that enables playbook designers and automation engineers to design flexible, logical flows in their playbooks, allowing the process to jump to any other node based on defined conditions. The flow can then re-execute functions and tasks, while intuitively showing exactly what has been done and tracking related information in the audit trail.
Playbook Progress Visualization, released in v49.0 of QRadar SOAR, introduces a new way to view the progress of a playbook. Security analysts can more easily monitor a running playbook instance and see the status of each node as the playbook progresses, laid out as the SOC engineer designed it. This enables the analyst to make quicker and more reliable decisions about where intervention may be needed to move the case forward or debug an automation.
Playbook Instances, released in v51.0 of QRadar SOAR, provides a new tab to the Playbooks dashboard where playbook developers can see a holistic view of all running playbooks within their QRadar SOAR instance. Filtering by playbook status, activation type or object type, as well as more granular time and date filters, allows playbook developers to quickly and reliably determine where they need to intervene to resolve problems at either the case level or with the source playbook.
QRadar SOAR provides 300+ integrations to help streamline your incident response orchestration and automation processes.
The IBM App Exchange is a one-stop shop to browse, share and download integrations developed by IBM, third-party vendors and the broader security community. These integrations are designed to enhance and extend the capabilities of IBM Security solutions. To search across the 300+ QRadar SOAR integrations available, simply filter on the “QRadar SOAR” tab.
An emphasis on response content, available for immediate use, has continued to be a big focus for QRadar SOAR. Pre-built playbook content helps to expedite automation development and reduce design time. To support this, QRadar SOAR apps from the IBM App Exchange (both existing and net-new integrations) are being enhanced with sample playbooks within the SOAR integration itself. Today, you can filter on “Content Type” in the IBM App Exchange, and select “Playbooks” to see 60+ SOAR integrations that are outfitted with playbooks. Once the SOAR integration is configured in your system, the associated playbooks will be automatically added to the playbook library.
App Host (formerly known as Edge Gateway) is a Kubernetes-based container deployment environment that hosts app containers. After a SOAR integration is downloaded from the IBM App Exchange, the user will import it into their QRadar SOAR environment, configure the integration and deploy it on an App Host to enable the app for use.
QRadar SOAR Breach Response is built to simplify compliance with data breach notification laws after a security incident occurs. It empowers your SOC analysts to take the right steps and collaborate with the right team members to respond to security breaches involving sensitive information, personal data, personally identifiable information (PII) and other types of data. With its integration of SOAR and data breach reporting, Breach Response provides organizations with support for over 200 privacy regulations worldwide, allowing information security teams to integrate privacy reporting tasks into their overall incident response playbooks.
At the heart of QRadar SOAR Breach Response is the global knowledge base. Updated regularly, this database includes data breach notification requirements across the world, such as GDPR and CCPA, as well as industry-specific regulations that have privacy breach reporting requirements, such as HIPAA. An internal team of data privacy professionals manages the global knowledge base and keeps it updated by communicating with regulators, government agencies, privacy professionals from the IBM customer base, and the wider privacy community.
SOAR Breach Response can accelerate response to data breaches by integrating privacy-specific tasks directly into the overall incident playbook. These privacy tasks detail the recommended steps that members of the security operations center (SOC) or privacy team should take to address the relevant reporting requirements.
The ability to generate reports from directly within QRadar SOAR, on either a singular incident or multiple incidents, makes it easy to share breach incident details across teams and with leadership to improve visibility and clarity across the incident response process.
DDI uses IBM QRadar SOAR to accelerate threat reactions and cut nearly 85% from response times.
Askari Bank builds specific playbooks based on their business use cases to receive automated responses, empowering their analysts to focus their energy where it matters most.
Silverfern IT uses QRadar SOAR to manage the entire security incident lifecycle when a cyberthreat is detected and automate processes as the business aligns its response efforts with predefined use cases.