Skip to Main Content
IBM Security Ideas Portal

Shape the future of IBM Security

We invite you to shape the future of IBM, including the product roadmap, by submitting enhancement ideas that matter to you the most.

Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and vote for them if they matter to you,

  1. Post an idea

  2. Vote for ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Help IBM prioritize your ideas and requests

The IBM team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at IBM works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive notification on the decision

Some ideas can be implemented at IBM, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.

Post an Idea

To post a new idea - click on the "Add a new idea" button and where asked select the appropriate category this idea relates to. Provide requested information to allow us to get a better understanding of your request.

"Missing" Security Products?

If you cannot find the IBM Security product you are looking for then it is probably located in the IBM Security Private Ideas Portal. Check that site to open an idea.

Idea visibility

All ideas submitted via this portal are visible to all other portal users, though personal information fields remain hidden. If you would rather have your idea visible to only you and IBM then use the IBM Security Private Ideas Portal instead.

Please note: The purpose of the Ideas Portal is to tap the creativity of the IBM Security community so that we can enhance our products for everyone! If you need to report a defect or get help, please use our normal support channel. Click here to open a support ticket.

Want to see all of your IBM ideas in one place? Find them at



Privacy / data breach response

Showing 11 of 3464

Disable deprecated X-XSS-Protection header

Hi there, Regarding the X-XSS-Protection security header in the SOAR platform, we would like to propose for the value of this header could be configured to be "0" instead. This has been recommended by OWASP, as well as our third-party auditor. Att...
10 months ago in QRadar SOAR / Privacy / data breach response 0 Future consideration

Create a calendar option that you can not select future dates when building new fields

Prevents the creator or the process that creates an incident ticket, not to be able to select a future date. This is something our Privacy team is requesting. We can limit this on a web form, but I don't see this option when creating a new field t...
almost 3 years ago in QRadar SOAR / Privacy / data breach response 1 Not under consideration

Customize reports to the level where a field name can be selected, like the Incident filter

This allows a report builder to have the information in fields to be on the report. Such as a Remediation List, where the user could select this field and it display the value in the report. Even though this filed might be in a section that has th...
almost 3 years ago in QRadar SOAR / Privacy / data breach response / Reporting & metrics 4 Not under consideration

Put every recipient of every System notification in the emails' BCC by default

In regards to data privacy there is a need to not allow users to see who else has received this email. This could be configurable but the important part here is the BCC possibility.
over 3 years ago in QRadar SOAR / Email / Privacy / data breach response 1 Not under consideration

Allow reference and population of privacy fields for all product areas

Allow the business rules to reference fields in Privacy module to trigger actions or orchestrations. Use case: If Breach in Germany is checked, add task for Germany DPO. Allow business rules to populate fields in privacy module based on incident...
almost 4 years ago in QRadar SOAR / Privacy / data breach response 1 Future consideration

localize privacy related task

In the new version of V31, it was first localize version of Resilient IRP. That's amazing! However, privacy related task, breach and etc.. was not localized on this version. Actually, privacy modules are not only very keen for English speaker but ...
about 4 years ago in QRadar SOAR / Privacy / data breach response 1 Not under consideration

Subcategories in phases (subphases)

I would like to be able to add subcategories to individual phases to make it more clean and clear for the analysis as well as to organise the tasks better.
about 4 years ago in QRadar SOAR / Privacy / data breach response / Process design 2 Future consideration

Have the abiltiy to create our Company Legal notification tasks (which would be showing up as the System tasks)

Now the Legal tasks are limited to Privacy breaches, while in eg the Financial sector, a lot of other legal notifications are applicable. We want to be able to create our OWN sector or country notifications which come on top of the Resilient once....
over 4 years ago in QRadar SOAR / Privacy / data breach response / Process design 1 Not under consideration

Improvements to Privacy Layouts/Tasks – Allow Content Tagging

Identify all Privacy related content and Tag them to allow for ease of update and protection from unintentional changes which could lead to incorrect operation of the Privacy Module and its Liability assessments. Since Resilient maintains this con...
over 4 years ago in QRadar SOAR / Look & feel / Privacy / data breach response 0 Not under consideration

Allowing the "Source of Data" field on the Breach section to be populated after incident is created

The sources may not be fully known when the incident is created and our organization is not utilizing the Breach questions during incident creation, but instead incorporating it into our current CyberIncident process. The workaround would be ineff...
over 4 years ago in QRadar SOAR / Privacy / data breach response 1 Not under consideration