Threat intelligence 
Infuse the power of experts in IBM Security® QRadar® SIEM with threat intelligence feeds
Request a demo Download the 2023 Threat Intelligence Index
Person writing on whiteboard in office
Stay ahead of cybercrime 

Destabilizing events such as the global pandemic or the war in Ukraine create opportunities for cyber criminals to thrive. Every day new threats emerge, and at the same time, criminals find smarter routes to access your company’s assets and data.

Adapting in real time takes vast amounts of threat intelligence and time. IBM® X-Force® operates in over 170 countries and manages the security operations for thousands of customers. This visibility into the worldwide threat landscape, feeds the X-Force® Threat Intelligence Platform used by IBM Security QRadar SIEM to identify threats in your company.

How can you automatically detect the latest threats in your environment without spending hours on research? 

Use global research and data from the IBM X-Force Threat Intelligence Platform to stay up to date on the latest trending threats. 

Download the Threat Intelligence app
How it works

The IBM X-Force Threat Intelligence Platform included with QRadar SIEM uses aggregated X-Force® Exchange data1. You can also integrate data from other threat intelligence feeds to help your organization stay ahead of emerging threats and exposure from the latest vulnerabilities.  

Prioritize incidents
 by type

Threat intelligence detects
 events such as:

  • Serial attempted logins for a dynamic range of IP addresses
  • Anonymous proxy connections to a business partner portal
  • Connections between an internal endpoint and known botnet command and control
  • Communication between endpoints and known malware distribution sites
Rate types of incidences by risk value

Threat intelligence allows you to rank new types of incidences in QRadar by risk value, integrating them seamlessly with other security data. For example, you can import public collections of dangerous IP addresses from IBM X-Force Exchange and then create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

Keep your intelligence current

QRadar SIEM uses the latest malicious IP addresses, URLs and malware file hashes from IBM X-Force Threat Intelligence and other threat intelligence sources, so that your SIEM platform can detect the world’s latest critical and advanced threats.

What's included
IBM Advanced Threat Protection Feed by X-Force 

The IBM Advanced Threat Protection Feed by X-Force Exchange delivers a defined set of actionable indicators for direct ingestion into security tools and solutions. You can view, search and update the feed.

Explore advanced threat protection feeds

Support for STIX and TAXII 

STIX and TAXII are the machine readable, easily automated communication standards used to share information about cyberthreats. STIX (Structured Threat Information eXpression) defines the information included in the threat intelligence, while TAXII (Trusted Automated eXchange of Intelligence Information) defines how that information is relayed. The IBM Threat Intelligence Platform supports your company to upload and download threat information to the global networks in STIX and TAXII formats.

Export to STIX

IBM X-Force Exchange API (commercial and enterprise)

The exchange API, whether commercial or enterprise, allows you to collaborate with peers in a worldwide community, aggregate global research and act on threat intelligence together.  

View the X-Force Exchange

The IBM Threat Intelligence Platform for QRadar SIEM can integrate with threat intelligence services.

Explore integrations Crowdstrike Falcon Intel

Intelligence provided by CrowdStrike's elite team of threat analysts, security researchers, cultural experts and linguists helps you stay ahead of adversaries.

Learn more about the integration
Mandiant Advantage

The Mandiant Advantage app for QRadar brings Mandiant's frontline intelligence to QRadar, highlighting indicators of compromise (IOCs) in your network and letting you identify and explore the ones that matter the most.

Learn more about the integration
Cofense Intelligence

Cofense Intelligence provides security teams with context around the criminal infrastructure to extend beyond expected IOCs, enabling teams to see an adversary's full operation as opposed to one-offs that change rapidly.

Learn more about the integration
ZeroFox Alerts

ZeroFox provides enterprises with protection, intelligence and disruption to identify and dismantle external threats in one comprehensive platform.

Learn more about the integration

IntSights delivers up-to-date IOCs so you can continuously synchronize your network and security solutions for faster incident response and threat workflows.

Learn more about the integration
Take the next step

Schedule time to get a custom demonstration of QRadar SIEM or consult with one of our product experts.

Request a demo
More ways to explore Documentation Support Community Partners Resources
  • 1Allows you to use the X-Force Threat Intelligence data in QRadar correlation rules and AQL