Integrating IBM Resilient
Overview
This guide outlines how to integrate IBM Resilient SOAR with Genian ZTNA using an IBM App that calls the Genian ZTNA REST API.
For more information on the REST API function in Genian ZTNA, refer to: API Guide
Resilient Circuit Overview
Genian ZTNA + IBM Resilient Interoperation
The events that trigger the app and the enforcement actions taken by Genian ZTNA are user configurable and are not limited to those shown in this example.
Multiple instances of this integration may be configured to provide a flexible response to different threats.
The Genian ZTNA App is installed on IBM Resilient and configured to call Genian ZTNA's API in the following sequence.
After an event occurs in IBM Resilient (the threat IP is identified), it is delivered to the App. [App starts]
- Genian ZTNA checks if the threat node IP is known.
- If the IP is known: Proceed to the next step
- If the IP is not known: The App ends after outputting the message 'The node is not subject to management'
- Check the Genians Node ID associated with the IP address.
- Check if the Resilient enforcement Tag exists in the Genian ZTNA Tag list.
- If the tag exists: Proceed to the next step
- If the tag does not exist: Create the tag and proceed to the next step
- Assign the tag to the threat node
[App operation end]
After the tag has been applied to the threat node, Genian ZTNA performs the Enforcement Action that is configured for that tag.
For a video demonstration, see: Genian ZTNA Video Series
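The sequence above as a runnable sketch; this is an added example, not the code of the Genian ZTNA App or of IBM Resilient. `FakeGenian`, `enforce`, the tag name, the node data and the invalid-IP message are hypothetical, and an in-memory stand-in replaces the real REST calls, whose endpoints are documented in the API Guide rather than on this page.

```python
import ipaddress

NOT_MANAGED = "The node is not subject to management"


class FakeGenian:
    """Constructed in-memory stand-in for the Genian ZTNA REST API (hypothetical)."""

    def __init__(self, nodes, tags=()):
        self.nodes = dict(nodes)      # IP -> node ID
        self.tags = set(tags)         # tag names defined in the tag list
        self.assigned = {}            # node ID -> set of tag names

    def find_node_id(self, ip):
        return self.nodes.get(ip)

    def tag_exists(self, name):
        return name in self.tags

    def create_tag(self, name):
        self.tags.add(name)

    def assign_tag(self, node_id, name):
        self.assigned.setdefault(node_id, set()).add(name)


def enforce(client, threat_ip, tag):
    """Run the App sequence for one threat IP and return a status dict."""
    try:
        # Reject anything that is not a literal IP before it reaches the API.
        ip = str(ipaddress.ip_address(threat_ip.strip()))
    except ValueError:
        return {"ok": False, "message": "invalid IP address"}
    node_id = client.find_node_id(ip)      # is the IP known, and which node is it?
    if node_id is None:
        return {"ok": False, "message": NOT_MANAGED}
    created = not client.tag_exists(tag)
    if created:
        client.create_tag(tag)             # create the missing enforcement tag
    client.assign_tag(node_id, tag)        # Genian ZTNA then acts on the tag
    return {"ok": True, "node_id": node_id, "tag_created": created}


# Constructed sample data: one managed node, empty tag list.
genian = FakeGenian({"192.0.2.10": "node-0001"})
print(enforce(genian, "192.0.2.10", "RESILIENT-THREAT"))
print(enforce(genian, "198.51.100.7", "RESILIENT-THREAT"))
```

Running the same event twice leaves a single tag and a single assignment, so repeated incidents for one IP are safe to replay.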
Installing The Genian ZTNA Extension on IBM Resilient
The Genian ZTNA app for IBM Resilient, along with more detailed documentation, can be found on the IBM App Exchange.