IBM Security® QRadar® Log Insights can help you gain complete visibility over your exponentially and continuously growing digital footprint. Designed to address security observability needs with simple data ingestion, rapid search and powerful visualization, it's optimized to perform analytics on data with greater efficiency, providing faster insights. Plus, with the "AWS Built-in" designation, you can trust that QRadar Log Insights has been independently verified by AWS to include automated configuration elements across foundational cloud domains.
Closing the breach window, from data to action
Gain enhanced security insights with comprehensive visibility across data sources and repositories using hundreds of ready-made connectors.
Respond faster with AI-powered risk prioritization, automated threat investigation with recommended actions, and search capability at sub-second speed.
Control costs and eliminate overages with efficient storage, 'ingestionless' federated search, flexible retention and straightforward pricing for dependable planning.
Accelerate and simplify your cloud journey with a turn-key, built-in solution deployed seamlessly by the AWS Marketplace.
Scale terabytes of data in minutes with low-latency ingestion on the AWS Cloud.
Build, troubleshoot and minimize detection time with KQL.
Find the answers you need fast from streaming data.
Fast and flexible. Visualize your data any way you want with dashboards that are most meaningful to you.
QRadar Log Insights offers straightforward pricing for reliable planning, starting at USD 2.14 per GB/day and incorporating volume-based discounts. Additionally, it provides flexible retention options for cost-effective compliance record management.
All capabilities are available at any ingestion volume. Retention up to 90 days is included in the standard offering.
Extend data retention beyond the initial 90 days to meet compliance requirements, starting at USD 0.11 per GB/day.
Simplify budget planning and approval with a predictable cost structure that offers several advantages. This includes minimizing overage costs by not using peak pricing and adopting a per-day average instead.
QRadar Log Insights includes the ability to detect threats by using threat intelligence where discovered indicators result in new alerts, and from scheduled searches run against the data warehouse. Log Insights also includes the QRadar unified analyst workflow that enables users to quickly triage and respond to alerts.
Yes, QRadar Log Insights can generate alerts from KQL and STIX queries, as well as from threat intelligence updates by using threat intelligence insights.
Yes, Log Insights goes beyond a standard log management product to provide recommended actions according to search-based alerts and automated investigation functionalities.
A SIEM will collect, analyze and correlate data to detect threats. Log Insights will ingest, normalize and store data in one location for analysts to easily search and make decisions about an environment’s health. Essentially, a SIEM provides actionable alerts whereas a log manager brings data together, allows for quick search and offers flexible storage options at a lower price point.
Users must acquire the license and install Grafana and then configure the QRadar KQL Plugin.