Feature spotlights

Detects insider threats based on user behavioral anomalies

User behavior analysis and fine-grained machine learning algorithms can detect when users deviate from normal activity patterns or behave differently from their peers. QRadar UBA creates a baseline of normal activity and detects significant deviations to expose both malicious insiders and users whose credentials have been compromised by cyber criminals.

Generates detailed risk scores for individual users

Risk scores dynamically change based on user activity, and high-risk users can be added to a watch list. Security analysts can easily drill down to view the actions, offenses, logs and flow data that contributed to a person’s risk score. This helps shorten the investigation and response times associated with insider threats.

Integrates seamlessly with QRadar Security Analytics

QRadar UBA integrates directly into the QRadar Security Analytics solution, leveraging the existing QRadar user interface and database. All enterprise-wide security data can remain in one central location, and analysts can tune rules, generate reports and integrate with complementary Identity and Access Management solutions – all without having to learn a new system or build a new integration.

Available from the IBM Security App Exchange

QRadar UBA is packaged as a downloadable app that is independent of the platform’s formal release cycles. All current QRadar clients can add this app to QRadar version 7.2.8 or higher to begin seeing a user-centric view of activity within their networks.

How customers use it

  • Gain visibility into insider threats

    Gain visibility into insider threats


    Detecting cyberattacks, prioritizing security incidents, and effectively responding.


    Uncover anomalous behaviors to more quickly and effectively identify rogue insiders and cyber criminals using compromised credentials.

  • Extend QRadar security features

    Extend QRadar security features


    Investigate any user's anomalous behavior from the individual user details page of the UBA App.


    The UBA dashboard is an integrated part of the QRadar console and helps extend existing capabilities to better identify high-risk users.

  • Improve analyst productivity


    Determining the overall health of your environment and the risks that user pose in it.


    Apply machine learning to generate users’ risk scores, identify high-risk users and only raise alerts on the riskiest activities to provide early warning of a threat without overwhelming analysts.

  • Accelerate time to value


    Being able to quickly access and action risks.


    Generate meaningful insights within 24 hours. QRadar clients can download and install the UBA app quickly and easily from the IBM Security App Exchange.

Technical details

Software requirements

All current QRadar clients can add this app to their QRadar version All current QRadar clients can add this app to their QRadar version 7.2.8 or higher releases to begin seeing a user-centric view of what is happening within their networks.

Supported web browsers:

  • Mozilla Firefox 45.2 Extended Support Release
  • Google Chrome (Latest)

Hardware requirements

Users will need a QRadar SIEM console with 128 GB of memory.

    Technical specifications

    You must install IBM® QRadar 7.2.8 or later before you install the QRadar UBA app.

      You may also be interested in

      Explore these related products in the QRadar family:

      IBM QRadar SIEM

      Protects assets and information from threats using contextual insights

      Learn more

      IBM QRadar Advisor with Watson

      Applies AI to investigate IOCs and provide context into threats.

      Learn more

      IBM QRadar Network Insights

      Inspects network traffic in real-time to expose hidden threats.

      Learn more

      IBM QRadar on Cloud

      Provides a SaaS version of QRadar SIEM, hosted in the IBM Cloud.

      Learn more

      See how it works

      Learn more