About the IBM Resilient integration

The EclecticIQ Platform integration for IBM Resilient enables EclecticIQ Platform as a custom threat source service in IBM Resilient.

This integration helps automate incident response processes by making threats to your organization more visible, and by providing actionable contextual information to respond to them quickly and efficiently.

IBM Resilient scans EclecticIQ Platform for matching artifacts. Artifacts are pieces of evidence gathered during an investigation.

EclecticIQ Platform stores artifacts as observables.

Immediately after creating an artifact, IBM Resilient automatically queries EclecticIQ Platform for matches and for any available additional context. When IBM Resilient detects a match in EclecticIQ Platform, it can automatically create a sighting in the platform.

When the following artifact types are created in IBM Resilient, the system automatically searches the integrated EclecticIQ Platform instance for existing observables matching the new artifacts:

| IBM Resilient artifact | Artifact type JSON field |
|---|---|
| DNS Name | net.name |
| Email Body | email |
| Email Recipient | email.header.to |
| Email Sender | email.header.sender_address |
| Email Subject | email.header |
| IP Address | net.ip |
| Malware MD5 Hash | hash.md5 |
| Malware SHA-1 Hash | hash.sha1 |
| Malware SHA-256 Hash | hash.sha256 |
| Malware SHA-512 Hash | hash.sha512 |
| URL | net.uri |
| URI Path | net.uri.path |
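The following Python snippet is an added illustration of the lookup flow described above (artifact created, matching observable queried, sighting produced on a match); it is not code from the EclecticIQ or IBM Resilient integration. The artifact-to-field mapping comes from the table; everything else is an assumption: the in-memory observable store, the normalisation of hash and name values before lookup, and the shape of the returned sighting and context records.

```python
import re
from typing import Optional

# Mapping of IBM Resilient artifact types to the observable type names used in
# the integration's JSON (taken from the table above).
ARTIFACT_TO_OBSERVABLE_TYPE = {
    "DNS Name": "net.name",
    "Email Body": "email",
    "Email Recipient": "email.header.to",
    "Email Sender": "email.header.sender_address",
    "Email Subject": "email.header",
    "IP Address": "net.ip",
    "Malware MD5 Hash": "hash.md5",
    "Malware SHA-1 Hash": "hash.sha1",
    "Malware SHA-256 Hash": "hash.sha256",
    "Malware SHA-512 Hash": "hash.sha512",
    "URL": "net.uri",
    "URI Path": "net.uri.path",
}

# Hex digit counts per hash type. Assumption: hashes are compared as
# lower-case hex so that case differences in an artifact do not hide a match.
HASH_HEX_LENGTHS = {"hash.md5": 32, "hash.sha1": 40, "hash.sha256": 64, "hash.sha512": 128}


def normalize_value(observable_type: str, value: str) -> Optional[str]:
    """Canonicalise an artifact value before lookup; return None if it is malformed."""
    value = value.strip()
    if observable_type in HASH_HEX_LENGTHS:
        value = value.lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_HEX_LENGTHS[observable_type], value):
            return None  # wrong length or non-hex characters: never a valid hash
    elif observable_type in ("email.header.to", "email.header.sender_address", "net.name"):
        value = value.lower()  # domains and mailbox addresses match case-insensitively
    return value or None


# Constructed stand-in for the platform's observable store: (type, value) -> context.
CONSTRUCTED_OBSERVABLES = {
    ("hash.sha256", "a" * 64): {"maliciousness": "high", "tags": ["constructed-sample"]},
    ("net.ip", "192.0.2.10"): {"maliciousness": "medium", "tags": ["constructed-sample"]},
    ("net.name", "example.invalid"): {"maliciousness": "low", "tags": []},
}


def lookup_artifact(artifact_type: str, value: str, store=CONSTRUCTED_OBSERVABLES) -> Optional[dict]:
    """Model the flow: artifact created -> query for a matching observable -> sighting on match.

    Returns a dict with the sighting to record and the observable's context,
    or None when no query is made or nothing matches.
    """
    observable_type = ARTIFACT_TO_OBSERVABLE_TYPE.get(artifact_type)
    if observable_type is None:
        return None  # artifact type not covered by the integration: no query is made
    canonical = normalize_value(observable_type, value)
    if canonical is None:
        return None  # malformed value: do not query
    context = store.get((observable_type, canonical))
    if context is None:
        return None  # no matching observable in the platform
    return {
        "sighting": {"type": observable_type, "value": canonical, "source": "IBM Resilient"},
        "context": context,
    }


if __name__ == "__main__":
    print(lookup_artifact("Malware SHA-256 Hash", "A" * 64))
    print(lookup_artifact("IP Address", "198.51.100.1"))
```

The malformed-hash check matters operationally: an artifact pasted with a trailing character or a truncated digest should be rejected before it is used as a query, rather than silently producing no match and no sighting.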