Integrating IBM Resilient

Overview

This guide outlines how to integrate IBM Resilient SOAR with Genian NAC using an IBM app that calls the Genian NAC REST API.

For more information on the REST API in Genian NAC, refer to: API Guide

Resilient Circuit Overview

Genian NAC + IBM Resilient Interoperation

  • The events that trigger the app and the enforcement actions taken by Genian NAC are user-configurable and are not limited to those shown in this example.

  • Multiple instances of this integration may be configured to provide a flexible response to different threats.

  • The Genian NAC app is installed on IBM Resilient and configured to call the Genian NAC API in the following sequence.

After an event occurs in IBM Resilient (identifying the threat IP), it is delivered to the app.

[App starts]

  1. Genian NAC checks if the threat node IP is known.
     • If the IP is known: Proceed to the next step
     • If the IP is not known: The app ends after outputting the message 'The node is not subject to management'
  2. Check the Genians Node ID associated with the IP address.
  3. Check if the Resilient enforcement tag exists in the Genian NAC tag list.
     • If the tag exists: Proceed to the next step
     • If the tag does not exist: Create the tag and proceed to the next step
  4. Assign the tag to the threat node.

[App operation end]

After the tag has been applied to the threat node, Genian NAC performs the Enforcement Action configured for that tag.
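
The app sequence above, sketched as an added example (this is not the Genian NAC app's own code). FakeNac and its methods are a hypothetical in-memory stand-in for the Genian NAC REST API, and the tag name, node ID and IP addresses are constructed sample values.

```python
import ipaddress

class FakeNac:
    """In-memory stand-in for the NAC REST API (hypothetical interface)."""
    def __init__(self, nodes):
        self.nodes = dict(nodes)   # IP -> node ID
        self.tags = set()          # tag names defined in NAC
        self.node_tags = {}        # node ID -> assigned tag names
    def find_node_id(self, ip):
        return self.nodes.get(ip)
    def tag_exists(self, name):
        return name in self.tags
    def create_tag(self, name):
        self.tags.add(name)
    def assign_tag(self, node_id, name):
        self.node_tags.setdefault(node_id, set()).add(name)

def apply_enforcement_tag(nac, threat_ip, tag_name):
    """Run the app sequence; return (status, message)."""
    try:  # reject malformed input before it reaches the NAC API
        ip = str(ipaddress.ip_address(threat_ip.strip()))
    except ValueError:
        return ("error", f"Not a valid IP address: {threat_ip!r}")
    # Is the IP a known node, and what is its node ID?
    node_id = nac.find_node_id(ip)
    if node_id is None:
        return ("skipped", "The node is not subject to management")
    # Create the enforcement tag only if it is missing from the tag list.
    created = not nac.tag_exists(tag_name)
    if created:
        nac.create_tag(tag_name)
    # Assign the tag; NAC then runs the enforcement action tied to it.
    nac.assign_tag(node_id, tag_name)
    suffix = " (tag created)" if created else ""
    return ("tagged", f"Tag {tag_name!r} assigned to node {node_id}{suffix}")

def demo():
    # Constructed sample data: one managed node; tag name is a placeholder.
    nac = FakeNac({"10.0.0.15": "node-0001"})
    ips = ["10.0.0.15", "10.0.0.15", "192.0.2.77", "not-an-ip"]
    return [apply_enforcement_tag(nac, ip, "RESILIENT-THREAT") for ip in ips], nac

if __name__ == "__main__":
    for result in demo()[0]:
        print(result)
```

Running the same threat IP twice shows that the sequence is idempotent: the tag is created once and the second run only re-assigns it.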

For a video demonstration, see: Genian NAC Video Series

Installing The Genian NAC Extension on IBM Resilient

The Genian NAC app for IBM Resilient, along with more detailed documentation, can be found on the IBM App Exchange.