IBM Security™ QRadar® SIEM features

Fully integrated NDR

Get higher fidelity, detailed and actionable alerts from threats. SIEM anchors the analytics to an event or log data while NDR monitors network flows.

SIEM and NDR better together (377 KB)

700+ integrations

Transform your security practice from “in the dark” to proactive detection and response with a broad range of tightly integrated add-on offerings.

Learn more

Automatic parsing and normalizing of logs

Quickly onboard custom log sources for analysis, detect and create new log sources based on incoming event data.

Data Action case study

1,500 out-of-the-box use cases aligned to MITRE ATT&CK

Identify and correlate activities throughout the kill chain, obtain end-to-end visibility into a single alert and get global day-1 faster detection.

Learn more about Use Case Manager

Intuitive, automatic query builder

Leverage built-in smart property detection and AQL query builds, quickly search and pinpoint valuable data without having to write rules and code.

Read the blog

User behavior analytics

Gain greater visibility into insider threats, uncover anomalous behavior, quickly identify risky users and generate meaningful insights.

Learn more

Threat intelligence and support for STIX/TAXII

Pull in additional threat intelligence feeds and deploy the data to create custom rules for correlation, searching and reporting.

View latest X-Force intel

Breadth of services

Quantify and prioritize your risks, detect and respond to threats and unify your organization with industry-leading assessments and strategies.

Learn more

How it works

Visibility, detection, investigation and response

Enable real-time threat detection through greater visibility across your environments,
improved use case management, user behavior analytics and threat intelligence.

Visibility across environments

Problem: Lack of visibility across IT environments that span on-premises, cloud and SaaS applications.

Solution: Gain high-fidelity alerts from QRadar SIEM 450+ log sources, integrations and network flows across on-premises, cloud-based and external IP-sourced attacks.
screenshot showing QRadar SIEM visibility across environment

Use case management

Problem: Understand if use cases in your SIEM holistically cover an attack chain.

Solution: See a summary of use cases in your SIEM by MITRE ATT&CK tactic and technique. Add or update use cases based on tuning recommendations unique to your environment. Review which rules are finding alerts in your environment.
screenshot showing a dashboard of use case manager on QRadar SIEM

User Behavior Analytics (UBA)

Problem: How to determine normal versus malicious employee behavior.

Solution: Machine learning determines baseline user and peer group behavior to detect suspicious anomalies and send alerts on potential insider threats or compromised hosts.
 
screenshot of QRadar SIEM showing a dashboard

Threat intelligence

Problem: How to automatically detect the latest threats in your environment without spending hours researching the latest threats.

Solution: Find threats by leveraging the latest malicious IP addresses, URLs and malware file hashes from X-Force Threat Intelligence and other threat intelligence sources.
Offenses dashboard view in IBM Security QRadar software

Compliance

IBM QRadar SIEM meets these compliance regulations

QRadar SIEM helps your organization show evidence of compliance and declaration of conformity with applicable regulatory statues and internal audits for the environments that QRadar SIEM is monitoring.  QRadar SIEM adheres to rigorous security, availability, and privacy frameworks, and complies with a range of industry-standard certifications and governance including:

  • Common Criteria
  • FIPS140-2 (Level 1)
  • STIG / Hardening
  • ISO 27001
  • Section 508 VPAT reports

See product accessibility reports

Requirements

IBM QRadar SIEM can help you meet your compliance requirements

IBM recognizes the critical importance of compliance and up-to-date certifications for clients relying on our product capabilities to secure their data and comply with regulatory requirements.

QRadar SIEM provides default-setting compliance packages for General Data Protection Regulation (GDPR), the Federal Information Security Management Act (FISMA), Sarbanes-Oxley (SOX), HIPAA, ISO 27001**, Payment Card Industry Data Security Standard (PCI DSS) and more. All are available in the IBM Security App Exchange and are included free of charge with a QRadar SIEM license. QRadar SIEM integrates with our IBM Security QRadar SOAR solution to provide a proactive, fast, and intelligent response to data privacy breaches. IBM Security QRadar SOAR supports over 180 privacy regulations worldwide, so your security teams can integrate privacy reporting tasks into their overall incident response playbooks, and collaborate with privacy and legal teams to address regulatory requirements.

These include:

Frequently asked questions

Are there prerequisites to installing User Behavior Analytics (UBA)?

Yes. If running on a QRadar SIEM console, the UBA app requires a minimum of 64 GB or up to 128 GB of memory. Additionally, consider the deployment of a QRadar SIEM app host to access the full benefits of running the UBA app with the machine learning app enabled.

How do I get my organization's data into UBA?

UBA integrates directly into QRadar SIEM, leveraging the existing user interface and database. All enterprise-wide security data remains in one central location and analysts can tune rules, generate reports and connect data as part of their SIEM experience.

Does UBA integrate with my other tools?

Since UBA shares the same underlying database as QRadar SIEM and NDR, any data source that is ingested by QRadar SIEM can be surfaced and leveraged in UBA.

What is the UBA architecture?

UBA is packaged as a collection of 3 apps—an LDAP app that helps ingest and coalesce users' identity information, a UBA app that helps visualize data and analytics, and a machine learning app that provides a library of machine learning algorithms used to create behavioral models of users' activities.

What is anomaly detection?

Anomaly detection is a technique used to identify unusual patterns that do not conform to normal behavior and differ significantly from most of the data. UBA builds a baseline of normal behavior from a user’s and similar users’ (peers) events and then uses that baseline to detect anomalous behavior.

What is a risk score?

A risk score is the numeric measure of the potential harmfulness of a user's activity. Each anomalous behavior that is detected by UBA impacts an individual user's risk score.

How long does it take for the machine learning models to train?

Upon installation, machine learning algorithms ingest the previous 4 weeks of data from the QRadar database and can take up to 1 week to build the baseline models of normal user behavior.

Can UBA be deployed in QRadar SaaS (QRadar on cloud)?

The UBA app can be deployed in QRadar SaaS, software or cloud deployments.

How much does the UBA app cost?

The UBA app is offered to QRadar clients at no additional cost.

Where can I go for help with UBA?

IBM Support has dedicated resources who can help with high priority issues. The UBA app includes a help and support section for using the LDAP, UBA and machine learning analytics apps.

How does IBM protect user information in UBA?

As with all QRadar applications and modules, the data is encrypted at rest.

Next steps

Request a demo

Schedule time today with one of our experts to get a custom tour of IBM Security QRadar SIEM.

Read the solution brief

Explore the powerful capabilities of QRadar SIEM in more depth. (348 KB)

Get a price estimate now

Estimate the cost of your QRadar SIEM solution using our pricing estimator.

Footnotes

* Please contact your sales representative for GDPR and CCPA as these requirements differ for each customer.

** ISO 27001 Operational certification available for QROC (SaaS).   Software deployments are reliant on customer operational practices.