Powerful customizable tool but only when it's configured correctly
What do you like best?
IBM Resilient SOAR is a good platform when we consider automation in the process. We have integrated this tool with IBM QRadar. The best part is that it can automate security incidents directly without human interference. We can automate the parts we want to automate; there are lots of functionalities in the tool itself. Incidents can be created automatically or manually. We can integrate other APIs as well. This tool helps in saving time and meeting the SLA.
What do you dislike?
This tool is best when all the configuration is done correctly; otherwise you will face a number of small problems. It's powerful, but it needs time for proper setup. As we have integrated Resilient with QRadar, when we make some changes in QRadar, Resilient stops working because of some error. This happens frequently, so we have had to fix it a number of times. Sometimes the QRadar data tables are not generated in Resilient, so the creation of incidents stops for a while.
Recommendations to others considering the product:
Resilient is the best automation tool for the quick generation of incidents. It helps in creating major and critical incidents within the SLA. But we cannot compare it with human analysis and investigation. It only helps with the generation of incidents with some details. After that, the analyst has to do the actual investigation for the case.
What problems are you solving with the product? What benefits have you realized?
Sometimes Resilient fails to fetch data from QRadar, which stops the incident creation. This is the problem we are solving with Resilient.