Before you start with IBM QRadar SOAR#

Review this information about requirements and dependencies before installing EclecticIQ Intelligence Center Integration for IBM QRadar SOAR.


  • IBM QRadar SOAR platform version 47 or later.

  • EclecticIQ Intelligence Center version 3.0 or later.

  • The IBM QRadar SOAR and EclecticIQ Intelligence Center instances can communicate through HTTPS.

    By default, the communication protocol is TCP, and the corresponding port is 443.

  • You can access the IBM QRadar SOAR command line terminal, and you can run commands.

  • You can create integration users and groups in the EclecticIQ Intelligence Center instance.


The following additional components must be installed on the IBM Resilient instance:

To install the additional components:

  1. Open a terminal session.

  2. Run pip install:

    # IBM QRadar SOAR dependencies
    sudo pip install resilient_circuits
    sudo pip install rc-cts
    sudo pip install rc-webserver
    # Keyring password manager
    sudo pip install keyring
    # Alternate keyring backend implementations
    sudo pip install keyrings.alt

Integration user#

Optionally, it is possible to assign the integration a dedicated automation user.

For the integration to work as expected, the user must have administrator-level access rights.

When you configure the integration and edit the IBM QRadar SOAR app.config file, specify email address, password, and organization details related to this user.

To create a new IBM QRadar SOAR user:

  1. Open a terminal session in the IBM QRadar SOAR instance.

  2. Run the following command:

    # Replace the "[email protected]", "firstname", "lastname", and "orgname" placeholders with
    # actual values that apply to the user you are creating:
    # - A valid email address for the integration user.
    # - The integration user's name.
    # - The integration user's family name.
    # - The organization the integration user belongs to.
    sudo resutil newuser -createorg -email "[email protected]" -first "firstname" -last "lastname" -org "orgname"