IBM Security QRadar Log Insights
A fast and highly scalable cloud-native log management and security observability solution on AWS
Explore the interactive demo
Screenshot showing security insights dashboard in IBM Security QRadar software
Security within reach

IBM Security® QRadar® Log Insights can help you gain complete visibility over your exponential and continuously growing digital footprint. Designed to address security observability needs with simple data ingestion, rapid search and powerful visualization, it's optimized to perform analytics on data with greater efficiency, providing faster insights. Plus, with the "AWS Built-in" designation, you can trust that QRadar Log Insights has been independently verified by AWS to include automated configuration elements across foundational cloud domains. 

  • Extract, investigate and pull data from anywhere
  • Perform multiple, concurrent searches on large data subsets in seconds
  • Detect, investigate and plan action against threats faster with smart, interactive dashboards and analytics
Don't let Blind Spots Spook You

Closing the breach window, from data to action

Benefits Near-real-time visibility into the expanding digital footprint

Gain enhanced security insights with comprehensive visibility across data sources and repositories using hundreds of ready-made connectors.

Accelerated investigation, fast response

Respond faster with AI-powered risk prioritization, automated threat investigation with recommended actions, and search capability at sub-second speed.

Cost-effectivene security operations

Control costs and eliminate overages with efficient storage, 'ingestionless' federated search, flexible retention and straightforward pricing for dependable planning.

QRadar Log Insights + AWS

Accelerate and simplify your cloud journey with a turn-key, built-in solution deployed seamlessly by the AWS Marketplace.

Shorten time to value and reduce misconfigurations
Through Infrastructure as Code, roles and permissions are programmatically set up in the AWS IAM Identity Center, and AWS Control Tower is used to configure QRadar Log Insights by using AWS best practices for multi-account environments.
Increase investigation speed with security data visualization
With Amazon GuardDuty and QRadar Log Insights you can integrate all your data sources from other clouds and on-premises environments and have access to all your data quickly in one place to detect, investigate and plan action against threats faster.
Accelerate threat detection with faster search-based investigation across the hybrid cloud
AWS CloudTrail tracks the who, what, where and when of an activity that occurs in your AWS environment. When these audit logs are integrated into QRadar Log Insights, you can search events across your AWS and hybrid cloud environments in seconds to identify possible malicious behavior or misconfigurations in your environment.
Unified analyst experience helps increase productivity
Actionable dashboards and powerful search capabilities with built-in threat intelligence enrichment, federated search and case management allow more time for strategic analysis and threat hunting. The unified analyst experience is built specifically for the demands of today’s security operations and hybrid cloud environments.

More than just a log manager

What do I hunt? Stop spending hours researching the latest threats. QRadar Log Insights helps you find threats by using the latest malicious IP addresses, URLs and malware file hashes. It applies threat intelligence to both manual investigations and automatically-created cases. QRadar Log Insights leverages Sigma Rules and uses Kestrel Threat Hunting as the AI base component. The AI model acts as a security analyst who knows exactly what to hunt for.

What does it mean? After threat intelligence capabilities identify risky behavior or critical threats, QRadar Log Insights aligns the data to the MITRE ATT&CK framework, which reduces the triage process to minutes. You can quickly identify which TTPs are used and filter through the supporting data for more information and details.

What do I need to do about it? Powered by AI, QRadar Log Insights provides recommendations based on industry best practices should your system identify a threat. 

Features Elastically scalable ingestion

Scale terabytes of data in minutes with low-latency ingestion on the AWS Cloud.

Advanced intuitive KQL

Build, troubleshoot and minimize detection time with KQL. 

Data explorer

Find the answers you need fast from streaming data.

Grafana plug-in

Fast and flexible. Visualize your data anyway you want with dashboards that are most meaningful to you.


QRadar Log Insights offers straightforward pricing for reliable planning, starting at USD 2.14 per GB/day and incorporating volume-based discounts. Additionally, it provides flexible retention options for cost-effective compliance record management.

What is included

All capabilities are available at any ingestion volume. Retention up to 90 days is included in the standard offering.

Add-ons available

Extend data retention beyond the initial 90 days to meet compliance requirements, starting at USD 0.11 GB/day.


Simplify budget planning and approval with a predictable cost structure that offers several advantages. This includes minimizing overage costs by not using peak pricing and adopting a per-day average instead.

Frequently asked questions

QRadar Log Insights includes the ability to detect threats by using threat intelligence where discovered indicators result in new alerts, and from scheduled searches run against the data warehouse. Log Insights also includes the QRadar unified analyst workflow that enables users to quickly triage and respond to alerts.

Yes, QRadar Log Insights can generate alerts from KQL and STIX queries, as well as from threat intelligence updates by using threat intelligence insights.

Yes, Log Insights goes beyond a standard log management product to provide recommended actions according to search-based alerts and automated investigation functionalities.

A SIEM will collect, analyze and correlate data to detect threats. Log Insights will ingest, normalize and store data in one location for analysts to easily search and make decisions about an environment’s health. Essentially, a SIEM provides actionable alerts whereas a log manager brings data together, allows for quick search and offers flexible storage options at a lower price point.

Users must acquire the license and install Grafana and then configure the QRadar KQL Plugin.

Related products IBM Security® QRadar® SIEM
QRadar SIEM correlates, tracks and identifies related activity throughout a kill chain to prioritize critical threats.
IBM Security® QRadar® EDR
QRadar EDR provides security analysts with deep visibility across the endpoint ecosystem. Integrate your endpoints with QRadar SIEM with no impact to your EPS count.
IBM Security® QRadar® SOAR
QRadar SOAR orchestrates and automates responses to the high-fidelity alerts that SIEM identifies and provides actionable insight on remediating threats.
IBM Security® Intelligence Operations and Consulting Services
Assess your threat strategies, unite security operations and response, improve your security posture and migrate to the cloud confidently.
Take the next step

Visit the AWS Marketplace to purchase or sign up to request a live demo.

Buy on AWS Marketplace Book a demo