# About the IBM Resilient integration
The EclecticIQ Platform integration for IBM Resilient registers EclecticIQ Platform as a custom threat source service in IBM Resilient.
This integration helps automate incident response by making threats to your organization more visible and by providing actionable context so that analysts can respond to them quickly and efficiently.
IBM Resilient scans EclecticIQ Platform for matching artifacts. Artifacts are pieces of evidence gathered during an investigation.
EclecticIQ Platform stores artifacts as observables.
Immediately after creating an artifact, IBM Resilient automatically queries EclecticIQ Platform for matches and for any available additional context. When IBM Resilient detects a match in EclecticIQ Platform, it can automatically create a sighting in the platform.
When the following artifact types are created in IBM Resilient, the system automatically searches the integrated EclecticIQ Platform instance for existing observables matching the new artifacts:
| IBM Resilient artifact | Artifact type JSON field |
|---|---|
| DNS Name | net.name |
| Email Body | |
| Email Recipient | email.header.to |
| Email Sender | email.header.sender_address |
| Email Subject | email.header |
| IP Address | net.ip |
| Malware MD5 Hash | hash.md5 |
| Malware SHA-1 Hash | hash.sha1 |
| Malware SHA-256 Hash | hash.sha256 |
| Malware SHA-512 Hash | hash.sha512 |
| URL | net.uri |
| URI Path | net.uri.path |
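The artifact-to-observable lookup and the automatic sighting described above, as an added example that is not part of the original page and does not use the real IBM Resilient or EclecticIQ APIs: `FakePlatform`, `on_artifact_created`, `normalize` and all seeded observable values are constructed stand-ins that simulate the workflow end to end. It uses the mapping table above as-is, so an artifact type with no mapped JSON field (Email Body) is never queried, and it canonicalizes hashes and names before matching so that a hash entered in upper case still hits the stored observable.

```python
"""Simulated Resilient -> EclecticIQ artifact lookup with sighting creation (example code)."""
from dataclasses import dataclass

# Mapping of IBM Resilient artifact types to the EclecticIQ observable type
# (the "Artifact type JSON field" column of the table). "Email Body" has no
# mapped field on the page, so it is recorded as None and skipped on lookup.
ARTIFACT_TYPE_TO_OBSERVABLE = {
    "DNS Name": "net.name",
    "Email Body": None,
    "Email Recipient": "email.header.to",
    "Email Sender": "email.header.sender_address",
    "Email Subject": "email.header",
    "IP Address": "net.ip",
    "Malware MD5 Hash": "hash.md5",
    "Malware SHA-1 Hash": "hash.sha1",
    "Malware SHA-256 Hash": "hash.sha256",
    "Malware SHA-512 Hash": "hash.sha512",
    "URL": "net.uri",
    "URI Path": "net.uri.path",
}

# Observable types whose values are case-insensitive and safe to lower-case.
CASE_INSENSITIVE_TYPES = {
    "net.name", "email.header.to", "email.header.sender_address",
    "hash.md5", "hash.sha1", "hash.sha256", "hash.sha512",
}


@dataclass(frozen=True)
class Observable:
    type: str
    value: str
    confidence: str


@dataclass(frozen=True)
class Sighting:
    observable: Observable
    incident_id: int
    artifact_id: int


class FakePlatform:
    """Constructed stand-in for EclecticIQ Platform: an in-memory observable index."""

    def __init__(self, observables):
        self._index = {(o.type, o.value): o for o in observables}
        self.sightings = []

    def find_observable(self, obs_type, value):
        """Return the stored observable of this type and value, or None."""
        return self._index.get((obs_type, value))

    def create_sighting(self, observable, incident_id, artifact_id):
        """Record that the observable was seen in the given incident/artifact."""
        sighting = Sighting(observable, incident_id, artifact_id)
        self.sightings.append(sighting)
        return sighting


def normalize(obs_type, value):
    """Canonicalize an artifact value so it compares equal to the stored observable."""
    value = value.strip()
    if obs_type in CASE_INSENSITIVE_TYPES:
        value = value.lower()
    return value


def on_artifact_created(platform, incident_id, artifact_id, artifact_type, value):
    """Handle a newly created Resilient artifact.

    Maps the artifact type to an observable type, queries the platform for an
    existing observable, and creates a sighting on a match. Returns the
    Sighting, or None when the type is unmapped or nothing matches.
    """
    obs_type = ARTIFACT_TYPE_TO_OBSERVABLE.get(artifact_type)
    if obs_type is None:
        return None
    match = platform.find_observable(obs_type, normalize(obs_type, value))
    if match is None:
        return None
    return platform.create_sighting(match, incident_id, artifact_id)


def build_demo_platform():
    """Seed the fake platform with constructed observables (documentation addresses)."""
    return FakePlatform([
        Observable("net.ip", "203.0.113.45", "High"),
        Observable("net.name", "bad.example", "Medium"),
        # MD5 of the empty string, used here purely as a sample value.
        Observable("hash.md5", "d41d8cd98f00b204e9800998ecf8427e", "Low"),
    ])


if __name__ == "__main__":
    platform = build_demo_platform()
    for artifact_type, value in [
        ("IP Address", "203.0.113.45"),
        ("Malware MD5 Hash", "D41D8CD98F00B204E9800998ECF8427E"),
        ("Email Body", "please review the attached invoice"),
        ("DNS Name", "clean.example"),
    ]:
        result = on_artifact_created(platform, 1001, 1, artifact_type, value)
        print(f"{artifact_type!r:22} -> {'sighting' if result else 'no match'}")
```

The `normalize` step matters in practice: Resilient users paste hashes and host names in whatever case the source reported them, and a case-sensitive comparison would silently miss known observables. Subjects, URLs and URI paths are left untouched, since case can be significant there.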