SOAR Platform documentation and communities

The IBM® Documentation website contains all of the IBM Security® QRadar® SOAR product documentation.

In addition to the documentation, the following resources can help you learn more about using the SOAR Platform.

API reference documents are available in the product from the Help/Contact page of the SOAR Platform.
IBM SOAR DeveloperWorks web site provides information and methods for developing apps that you can integrate into IBM Security QRadar SOAR.
IBM Security Learning Academy provides various courses and tutorials, helpful articles, white papers and FAQs.
IBM Support provides helpful articles, white papers and FAQs.

SOAR Platform core documentation

The SOAR Platform IBM Docs collection includes the following documents to help you install and use IBM Security QRadar SOAR.

Document	Description
What's New	Also known as the Release Notes, this document contains details on the new features, enhancements, and bug fixes for the release.
Getting Started	Provides a high-level overview of the platform’s capabilities. It also describes the types of personas or roles and lists the relevant documentation and IBM Security communities for each role.
Virtual Appliance Installation Guide	Provides the procedures to install and configure the SOAR Platform VMWare package on a Red Hat® Enterprise Linux® (RHEL) server in your own environment.
Software Installation Guide	Provides the procedures to install and configure the stand-alone SOAR Platform on a Red Hat Enterprise Linux (RHEL) server in your own environment.
FIPS-Compliant Software Installation Guide	Provides the procedures to install and configure a FIPS-compliant SOAR Platform on a Red Hat Enterprise Linux (RHEL) server that is also configured for FIPS. This variation of the SOAR Platform adheres to standards in the Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2). To obtain a copy of this document, contact IBM Customer Support.
Disaster Recovery Guide	Provides the instructions to configure a Disaster Recovery (DR) system.
Sizing Guidelines	Provides system configuration recommendations to help deploy and maintain the SOAR Platform Virtual Appliance, which is provided as a virtual application (vApp) in Open Virtualization (.ova) format. The sizing guidelines in this document are not intended for use with the SOAR Platform stand-alone installation or the SOAR for MSSPs add-on.
System Administrator Guide	Provides SOAR Platform administrators with an introduction to the system’s administrative user interface and requirements. The document walks through a setup of a new organization and maintenance of organization-wide settings.
Playbook Designer Guide	Provides the information to create and maintain playbooks. A playbook is the set of tools, conditions, business logic, flows, and tasks that are used to respond to security events and threats in a SOAR Platform environment.
User Guide	Provides a detailed description of the SOAR Platform and the features that you use to respond to incidents.
App Host Deployment Guide	Provides the procedures to install, deploy, and run apps and associated App Hosts.
App Developer's Guide	Provides information to help programmers, testers, architects, and technical managers write apps that integrate the SOAR Platform with your organization’s existing security and IT investments.
Integration Server Guide	Provides the procedures to create and maintain an integration server, and deploy apps that are in the extension (.tar.gz) format.
SOAR for MSSP Configuration Guide	Provides the information that an IT administrator needs to configure and manage the SOAR Platform organizations when they use the SOAR for MSSPs add-on deployment feature.
SOAR for MSSP Add-on User Guide	Provides information for the response team to review and analyze incident data from all child organizations when they use the SOAR for MSSPs add-on deployment feature.

Documentation in an air-gap environment

If you are in an air-gap environment without access to the internet, you can install IBM Documentation Offline to view the product documentation. As a desktop application, it is available for macOS, Microsoft Windows, or Linux. An intranet version is also available.

For more information about installing IBM Documentation Offline, see IBM Documentation Offline (https://www.ibm.com/docs/en/offline).

Tip: Ensure that your browser does not automatically unzip the offline download. If it does, you cannot upload the collection to IBM Documentation Offline.

SOAR Platform REST API document and interactive tool

The REST API Reference Guide and interactive tool are available from the Help/Contact page in the SOAR Platform.

If you are developing an app and require access to the REST API, you can access the following documents and interactive tool:

REST API Reference. Provides reference material for interacting with the REST API.
Interactive REST API. It is a tool that provides developers interactive access to the IBM SOAR REST API.

Developer documentation and resources

There are several developer documents and resources available for developers who are developing programs to integrate with the SOAR Platform.

The following documents provide information to develop programs to interact with the SOAR Platform:

App Developer's Guide. Provides the information to develop and publish apps.
Custom Action Developer’s Guide (PDF). Provides the information to develop and publish custom actions by using Resilient® Circuits or the REST API directly.
Custom Threat Service Guide (PDF). Provides the information to provide artifact scanning from your own threat sources, or provide extra scanning beyond what the SOAR Platform provides. If you are creating your own user guide for your threat service, you can use the Template for Custom Threats User Guide, which is a Microsoft Word template, as a starting place.
Web URL Integration Guide (PDF). Provides the information to direct a user’s browser to specially constructed web URLs, where the user can be guided through automatic creation of an incident.

In addition, the Integration Server Guide provides the information to install and configure an integration server.

Communities and other resources

You can view the available apps but you must be an IBM Technology Partner (Business Partner) or an IBM employee to download the apps.

You can view the available apps from the following locations:

IBM Resilient Community Apps repository on GitHub. Provides access to library modules, community-provided apps, example scripts, and developer documentation.
IBM Security App Exchange. Provides access to the SOAR community apps on IBM X-Force®. You can download functions and apps from the IBM X-Force Community App Exchange. You must have an account to download apps.
IBM Security Partner Ecosystem. Introduction to IBM Security and the IBM Security App Exchange.
IBM Security Community. Latest news, announcements and event information, plus discuss ideas and problems with other developers.
Script examples. Example scripts and rules for use in SOAR playbooks.