0
2.3.0
Washington DC, Vancouver
IBM Security QRadar Security Orchestration, Automation, and Response (SOAR) Platform enables organizations to orchestrate and automate the people, processes, and technology that are associated with responses to security events.
With the SOAR platform and ServiceNow IT Service Management integration, SEC Ops professionals can communicate security incidents in realtime. The integration allows for bi-directional synchronization of notes and incidents enabling the security and operations teams to be aligned during critical security events.
- Bi-directional integration between Records in the ServiceNow Incident Table or Security Incident Response (SIR) Table and Incidents and Tasks in the IBM SOAR platform.
- Create a SOAR Incident or Task from a ServiceNow Record in the Incident/SIR Table.
- Create a ServiceNow Record in the Incident/SIR Table from a SOAR Incident or Task.
- Sync notes between a related SOAR Incident or Task and a ServiceNow Record.
- Send Attachments from a SOAR Incident or Task to a related ServiceNow Record.
v2.3.0
- Verified on Washington DC and all previous ServiceNow releases
- Updated capabilities regarding integrating with SIR and SIT tables
- Ensure that SOAR-side app is running minimum 2.3.0 version
v2.1.0
- Verified on ServiceNow Tokyo release
- Verified on ServiceNow Vancouver release (use 2.1.0 or 2.2.0 from IBM App Exchange)
v2.0.9
- Support added for ServiceNow Security Incident Response (SIR)
- Support added for API Key authentication from ServiceNow to IBM SOAR
- AppHost support for proxies
- App renamed to IBM Security QRadar SOAR App
- Verified on ServiceNow San Diego release
v1.1.0
- Fixed bug in RES_WF_UpdateState Workflow Run Script
v1.0.0
- Initial release
- ServiceNow Instance with ITSM enabled and running a Washington DC or newer releases
- Access to the Incident Table in ServiceNow
- A user in ServiceNow with an admin role
- IBM SOAR >= v42.0.0
- An App Host with the ServiceNow App from the IBM App Exchange installed or an Integrations Server running resilient-circuits >= v31.0.0 with fn_service_now >= v2.3.0 installed
- If integrating with ServiceNow Security Incident Table, IBM SOAR App >= 2.3.0 and ServiceNow Security Incident Response with its dependencies are required. More information [here](https://www.servicenow.com/products/security-incident-response.html).
- If IBM SOAR is not publicly accessible (behind a firewall) a ServiceNow MID Server is required
- See ibm.biz/res-snow-docs for setting up your SOAR Appliance with this Integration