Resilient Extensions

A Resilient extension is a software package that extends the functionality of the Resilient platform. It can contain one or more Resilient components, external code component, or both. Resilient components include Python scripts, rules, workflows, functions and custom actions. An external code component can access and return external data, interact or integrate with other security systems, or be a utility that performs a specific action.

Typically, an extension is contained in a single zip or tar file that you download from the IBM Security App Exchange or the IBM Resilient Community apps repository on GitHub.

A Resilient extension can address a number of situations.

Playbook Extensions

The playbook has a number of components, including rules, workflows, Python scripts, custom fields, data tables and message destinations.

An extension can provide one or more components to address a specific circumstance. For example, IBM Resilient provides a Python script that parses incoming email messages, such as from a phishing email service. You deploy the script to your Resilient platform and customize it for your environment.

Functions typically contain multiple playbook components that address a specific integration or type of event.

For example, the LDAP Utilities function package contains multiple functions, each with example rules and workflows. Together, they initiate LDAP tasks from the Resilient platform to an external LDAP server and use the returned results to update incidents, artifacts, data tables and so on.

Integration Extensions

You add value by automating your information collection and dispersal by integrating your Resilient platform into your environment.


There are three general types of extensions that you can use to integrate with other systems:

IBM Resilient provides extensions that allow you to integrate with security apps such as QRadar, Splunk, and BigFix. Or you can develop your own.

Accessing Extensions

IBM Resilient provides a variety of extensions. You may be able to use some with very little modification, or use an extension to jump-start your own integration development.

If you are an IBM Technology Partner (Business Partner) or an IBM employee, you can download integration packages from the IBM Security App Exchange and the IBM Resilient Community apps repository on GitHub.

The IBM Resilient Community apps repository on GitHub is designed for developers to customize and share code, so it contains integration packages along with source code. The IBM Security App Exchange contains integration packages but not the source code. A number of integration packages appear in both locations.

See the Reference page for a list of communities and documentation.