Use Cases

By using Resilient extensions to integrate with your existing IT security solutions, you make the Resilient platform a centralized point for cyberattack investigation and remediation. Orchestrated response with intelligent automation across tools unlocks the value of your cyber security investments and makes your team smarter and faster.

Integrations range from the relatively simple to more complex, tightly integrated systems. The level of integration depends on your use case.

Monitoring and Escalation

When a significant event occurs, applications connect to the Resilient platform using the REST API to escalate incidents from email, SIEMs, ticketing systems, and other sources, and include artifacts such as IP addresses, file hashes, URLs, usernames and machine names.

Identification and Enrichment

Automatic threat intelligence lookups, workflows and menu-driven actions deliver valuable context and reduce the time to identify scope and impact, enabling a rapid, decisive response. Trigger sandbox evaluation and build rules to act on the results. Search logs and endpoints and make decisions based on the data. Include CMDB and directory information to help analysts make an accurate assessment of severity and impact. Pivot on these critical data elements to dynamically adjust the way your team responds.

Containment, Response and Recovery

Based on trigger conditions or manual actions, the system can send notifications or initiate external activities to contain the incident and adjust your security posture as part of your response playbook.

Communication and Coordination

By integrating beyond the SOC, users can coordinate a fast and effective incident resolution from the platform. Integrate bi-directionally with ticketing and service management, smart notifications, communication platforms and other business applications.

IBM Resilient provides a number of extensions to fit these use cases. You can download and deploy them to your Resilient platform, then customize them to fit your needs. If you would like to create your own extension, join the community to find helpful documentation and engage with experts.

See the Reference page for a list of communities and documentation.