Getting Started

The Resilient Incident Response Platform is, essentially, a central hub for incident responses. Resilient users or systems integrated with the platform enter incidents into the Resilient platform. Once entered, the dynamic playbook implements your response plan. Typical use cases include incident escalation — creating a new incident based on an external event — and enrichment, automation, and reporting.

A Resilient extension is a software package that extends the functionality of the Resilient platform. It can contain one or more Resilient components, an external code component, or both. Resilient components include Python scripts, rules, workflows, functions and custom actions. An external code component can access and return external data, interact or integrate with other security systems, or be a utility that performs a specific action.

What do you want to do?

Are you a playbook designer?

This person customizes the dynamic playbook in the Resilient Incident Response Platform so that it implements the group’s response plan.

A dynamic playbook is the set of rules, conditions, business logic, workflows and tasks used to respond to an incident. The Resilient platform updates the response automatically as the incident progresses and is modified.

Start with the Resilient Incident Response Platform Playbook Designer Guide. It provides all the information you need to design a playbook. You can find this guide within the Resilient platform by clicking the Help/Contact menu. You can also find the guide on the IBM Knowledge Center. (This link takes you to a page where you can choose the version of the Resilient platform.)

IBM Resilient provides extensions for your playbook, including scripts, rules and workflows. For example, you can download and deploy a Python script that associates incoming email from a phishing service to an existing incident, or creates a new incident if one does not exist.

Are you a systems integrator?

Using Resilient extensions to integrate with your existing IT security solutions, the Resilient platform provides a centralized platform for cyberattack investigation and remediation. Orchestrated response with intelligent automation across tools unlocks the value of your cyber security investments and makes your team smarter and faster.

IBM Resilient provides a number of extensions that you can deploy to help you smoothly integrate your security systems with the Resilient platform.

There are various types of extensions, and the ones you use depend on your use case and your specific security systems.

You can view the available Resilient extensions from the following location. However, you must be an IBM Technology Partner (Business Partner) or an IBM employee to download the extensions. If developing functions or Python-based custom actions, you also need the Resilient integration server to download and deploy these extensions.

Do you need to write your own?

The Resilient platform is built on the REST API. It provides comprehensive access to platform capabilities: to read and write incident data, and also to perform a wide range of administrative functions. The REST API gives you access to all the incident data, including tasks, data tables, notes, milestones, artifacts and file attachments, and is supported by documentation, client libraries and example code for Python, .NET and Java.

There are various types of extensions, and the ones you use depend on your use case and your specific security systems.

If using Python, the Resilient Circuits framework helps you write the Python code that performs the integration logic for functions or custom actions by generating a Python package with a boilerplate implementation. If developing functions or Python-based custom actions, you also need the Resilient integration server.

Before starting, check our apps on GitHub. The site is designed for developers to customize and share code, so it contains library modules, community-provided extensions (and source code), example scripts, and developer documentation. You may be able to get a jump-start on your own integration.

Make sure to keep up with the latest announcements and events: