
Resilient

The Polarity - IBM Resilient integration searches the Resilient Incident Response Platform for incidents related to indicators on your screen. The integration can search across artifacts, incidents, tasks, and notes. Incident and task searches are full-text searches against all fields. Artifact searches are exact-match searches against the artifact's value. Note searches are full-text searches against the content of the note. If a result is found, the integration displays information about the related incident. Incidents are deduplicated so that an incident is shown only once even if it has multiple matches. This allows analysts to quickly see when there are related tickets, enabling them to triage and close tickets faster and more efficiently.

IBM Resilient Solutions

Security Operations Centers: With the IBM Resilient integration, SOC analysts can immediately know when an indicator is associated with other tickets or events that have occurred previously, enabling them to quickly triage new tickets and take the correct actions when needed. The Polarity - IBM Resilient integration even allows SOC analysts to add notes directly to tickets.

Threat Hunting: Threat hunters can quickly know whether an indicator they are investigating has previously been associated with a ticket or event, giving the analyst the full picture when looking through indicators.

Configuring IBM Resilient

This integration requires a few extra configuration steps before it can be used.

Entity Types: IPs, domains, emails, file hashes

Configuration Options

Resilient URL - The base URL used to access the instance of IBM Resilient. This is the same URL that analysts go to when logging into Resilient. This option is typically set by a Polarity admin for all Polarity users to utilize.

Resilient Username - The analyst's username needed to log into IBM Resilient. This option may be set by a Polarity admin with a service account.

Resilient API Key - API key used to connect to Resilient. It must be generated by a Resilient administrator. This option will only work if you do not have basic authentication turned on.

Resilient Password - The analyst's password needed to log into IBM Resilient. This option may be set by a Polarity admin with a service account.

Types to Search - This option lets analysts choose which portions of IBM Resilient they want the Polarity integration to search. The options include: incidents, notes, tasks and artifacts. Analysts can select all or just one of the options. This option is typically set by a Polarity admin for all Polarity users to utilize.

Ignore List or Ignore Regex - The Resilient integration lets you set a regex matching domains or IPs to be ignored, or add a comma-separated list of them, so the integration will never look them up in Flashpoint. This is typically used for sensitive information or company domains.
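
The ignore options decide which indicators are never searched, so how the regex is anchored determines what gets silently skipped. The following is an added example, not code from Polarity or the integration; the function names, the sample indicators, and the matching semantics (exact case-insensitive list match, regex tested against the whole value) are assumptions.

```javascript
// Added example: hypothetical pre-lookup filter, not the integration's own code.
// Assumed semantics: the ignore list is a comma-separated string matched exactly
// (case-insensitive); the ignore regex is tested against the full indicator value.
function buildIgnoreFilter(ignoreListCsv, ignoreRegexSource) {
  const exact = new Set(
    ignoreListCsv
      .split(',')
      .map((v) => v.trim().toLowerCase())
      .filter((v) => v.length > 0)
  );
  const regex = ignoreRegexSource ? new RegExp(ignoreRegexSource, 'i') : null;
  return (value) => {
    const v = value.trim().toLowerCase();
    return exact.has(v) || (regex !== null && regex.test(v));
  };
}

// Split indicators into those that would be searched and those suppressed.
function partition(indicators, isIgnored) {
  const searched = [];
  const ignored = [];
  for (const value of indicators) {
    (isIgnored(value) ? ignored : searched).push(value);
  }
  return { searched, ignored };
}

// Constructed sample indicators (example.com stands in for a company domain).
const indicators = [
  'mail.example.com',
  'example.com',
  'example.com.login-portal.test',
  '10.1.2.3',
  '203.0.113.10',
  'intranet.local'
];
const ignoreList = 'intranet.local, 10.1.2.3';

// Unanchored pattern: matches anywhere in the value, so the look-alike
// domain that merely contains "example.com" is skipped as well.
const loose = partition(indicators, buildIgnoreFilter(ignoreList, 'example\\.com'));
// Anchored pattern: only example.com and its subdomains are skipped.
const strict = partition(indicators, buildIgnoreFilter(ignoreList, '^(.+\\.)?example\\.com$'));

console.log('loose  searched:', loose.searched);
console.log('strict searched:', strict.searched);
```

With the unanchored pattern the look-alike domain is never searched; anchoring the pattern keeps it visible to analysts.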