Skip to Main Content
IBM Security Ideas Portal

Shape the future of IBM Security

We invite you to shape the future of IBM, including the product roadmap, by submitting enhancement ideas that matter to you the most.

Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and vote for them if they matter to you,

  1. Post an idea

  2. Vote for ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Help IBM prioritize your ideas and requests

The IBM team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at IBM works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive notification on the decision

Some ideas can be implemented at IBM, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.

Post an Idea

To post a new idea - click on the "Add a new idea" button and where asked select the appropriate category this idea relates to. Provide requested information to allow us to get a better understanding of your request.

"Missing" Security Products?

If you cannot find the IBM Security product you are looking for then it is probably located in the IBM Security Private Ideas Portal. Check that site to open an idea.

Idea visibility

All ideas submitted via this portal are visible to all other portal users, though personal information fields remain hidden. If you would rather have your idea visible to only you and IBM then use the IBM Security Private Ideas Portal instead.

Please note: The purpose of the Ideas Portal is to tap the creativity of the IBM Security community so that we can enhance our products for everyone! If you need to report a defect or get help, please use our normal support channel. Click here to open a support ticket.

Want to see all of your IBM ideas in one place? Find them at



Indicators of compromise / artifacts

Showing 51 of 3465

Allow Notes on Attachments

I would like to have, if possible, the chance to create notes in attachments the same way I can create a note in a Task or Artifact. This way, if I am doing an analysis of a file I can be adding the information in a note and if in a future I need ...
over 4 years ago in QRadar SOAR / Collaboration / Indicators of compromise / artifacts 10 Future consideration

Add TLP Classification Level to Artifacts, with Associated Behavior

In order to use Resilient in an MSSP environment, we would like to be able to classify the confidentiality of each artifact according to the Traffic Light Protocol, and use this classification to configure the relating functionalities of Resilient...
over 4 years ago in QRadar SOAR / Indicators of compromise / artifacts 8 Future consideration

Highlight artifacts and attachments in notes

Resilient could auto-highlight the artifacts that have been added, in the notes. This would help to indicate where other potential artifacts seen in notes, are still needed to be added to artifacts, and vice versa.
about 4 years ago in QRadar SOAR / Indicators of compromise / artifacts 1 Future consideration

Automatically update data tables without requiring refresh

When you add an artefact for automatic/manual lookup, and upon the action is complete, it requires a hard-refresh to have the data-tables populated with results. Is there a way to enable an auto-refresh, the moment an action is complete?
over 4 years ago in QRadar SOAR / Indicators of compromise / artifacts 0 Future consideration

Ability to extend the scheme of the artifacts

We need the ability to add diffrent fields to the artifacts. Same as we can extend the scheme of the incident we need to create custom fields to the artifacts. This can be used to indicate the status of the artifact is blocked or allowed. Also mig...
over 4 years ago in QRadar SOAR / Indicators of compromise / artifacts 11 Future consideration

Unrestrict URL scheme for URL artifacts

When creating a URL artifact in IBM SOAR, the platform appears to enforce the following restriction: The URL's scheme must be either "http://", "https://" or "ftp://" When an analyst tries to create an incident from our SIEM that contains a URL ar...
4 months ago in QRadar SOAR / Indicators of compromise / artifacts 0 Future consideration

Threat Intelligence feed should be configurable to specify type of artifacts which should be searched against it

Not all artefact types are relevant for all threat intelligence feeds. This needs to be configurable either at threat source configuration (indicating which artefacts should be checked) or at artefact level (indicating which feeds should be checked).
over 4 years ago in QRadar SOAR / Indicators of compromise / artifacts 7 Future consideration

Allow built-in artifacts to accept multiple values / multiline input, and create multiple artifacts at once

Some out-of-the-box Resilient artifacts allow me to paste in a list of values, and will create a bunch of artifacts all at once. But some don't - it'd be helpful to be able to paste in a list of email addresses or file hashes.
over 4 years ago in QRadar SOAR / Indicators of compromise / artifacts 9 Future consideration

Pre-Configurable View-Filter for the Artifacts Widget

The Artifacts widget can be placed into various parts of the GUI (tabs, tasks, create wizzard etc.). However, it would be handy to preconfigure the types of artifacts displayed. For example, if we have a task related to IP addresses and want the o...
10 months ago in QRadar SOAR / Indicators of compromise / artifacts / Look & feel 0 Future consideration

Artifact Widget Pre-set Filter

It would be awesome if we could pre-set the filter on the artifact widget, especially when adding the artifact widget to a task. Our use case: we have a task with instructions to look at all the URLs in the incident. We would typically add the art...
about 1 year ago in QRadar SOAR / Indicators of compromise / artifacts 0 Future consideration