Stay ahead of cybercrime 

Destabilizing events such as the global pandemic or the war in Ukraine create opportunities for cyber criminals to thrive. Every day, new threats emerge, and at the same time, criminals find smarter routes to access your company’s assets and data. Embracing automation in cybersecurity processes can help in efficiently identifying and mitigating these evolving threats, safeguarding your organization's integrity and resilience.

Adapting in real time takes vast amounts of threat intelligence and time. IBM® X-Force® operates in over 170 countries and manages the security operations for thousands of customers. This visibility into the worldwide threat landscape feeds the X-Force® Threat Intelligence Platform used by IBM QRadar SIEM to identify threats in your company.

How can you automatically detect the latest threats in your environment without spending hours on research? 

Use global research and data from the IBM X-Force Threat Intelligence Platform to stay up to date on the latest trending threats and enhance your threat detection capabilities.

 Unlock the power of QRadar SIEM for:

  1. Advanced threat detection: Use AI-driven insights for rapid threat identification.

  2. Threat hunting: Turn disparate threat data into real-time action to uncover lurking threats.

  3. Ransomware defense: Stay ahead of fast-moving cyberattacks with proactive measures.

  4. Compliance assurance: Seamlessly showcase adherence to regulatory standards and internal audits.

How it works

The IBM X-Force Threat Intelligence Platform included with QRadar SIEM uses aggregated X-Force® Exchange data. Additionally, it offers the option to integrate data from other threat intelligence feeds to provide enrichment and enhance your organization's ability to stay ahead of emerging threats and exposure to the latest vulnerabilities. These functionalities empower security analysts to bolster their organization's cybersecurity posture and proactively defend against potential breaches.

 Prioritize incidents by type

The threat intelligence platform detects events such as:

  • Serial attempted logins for a dynamic range of IP addresses
  • Anonymous proxy connections to a business partner portal
  • Connections between an internal endpoint and known botnet command and control
  • Communication between endpoints and known malware distribution sites
  • Cyber threat intelligence reports on malicious IP addresses and phishing campaigns

 Rate incident types by risk value

When assessing and categorizing incidents by risk value, it's crucial to consider the impact of false positives on the overall accuracy of the risk assessment process. Threat intelligence enables proactive identification and prioritization of new incident types in QRadar by risk value, integrating them seamlessly with other security data to swiftly mitigate potential threats. For example, you can import public collections of dangerous IP addresses from IBM X-Force Exchange and then create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

 Keep your intelligence current

To keep your threat intel current, regularly update your firewall configurations based on the latest threat intelligence to help ensure robust protection against evolving cyberthreats. QRadar SIEM uses the latest malicious IP addresses, URLs and malware file hashes from IBM X-Force Threat Intelligence and other threat intelligence sources so that your SIEM platform can proactively detect and mitigate the world’s latest critical and advanced threats.

What's included

IBM Advanced Threat Protection Feed by X-Force

The IBM Advanced Threat Protection Feed by X-Force Exchange delivers a defined set of actionable indicators for direct ingestion into security tools and solutions. You can view, search and update the feed.

Support for STIX and TAXII 

STIX and TAXII are the machine-readable, easily automated communication standards used to share information about cyber threats. Structured Threat Information eXpression (STIX) defines the information included in the threat intelligence, while Trusted Automated eXchange of Intelligence Information (TAXII) defines how that information is relayed. The IBM Threat Intelligence Platform lets your company upload and download threat information to and from the global networks in STIX and TAXII formats.
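The watch-list rule described earlier (raise the magnitude of any offense that includes a listed IP address), fed by STIX indicators, looks like this as an added example; it is not IBM code and does not use the QRadar rule engine or API. The bundle, the offense records, the 1-10 magnitude scale and the boost value are constructed assumptions, and the addresses come from documentation-only ranges.

```python
import ipaddress
import re

# Constructed STIX 2.1 bundle (sample data, documentation address ranges only).
BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.7']"},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.0/24']"},
        {"type": "indicator", "pattern_type": "stix", "revoked": True,
         "pattern": "[ipv4-addr:value = '192.0.2.44']"},   # withdrawn by the producer
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[url:value = 'http://example.test/a']"},  # not an IP indicator
    ],
}

IP_TERM = re.compile(r"ipv[46]-addr:value\s*=\s*'([^']+)'")

def build_watch_list(bundle):
    """Collect IP networks from non-revoked STIX indicators."""
    nets = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue  # stale intelligence is a common source of false positives
        if obj.get("pattern_type") != "stix":
            continue
        for value in IP_TERM.findall(obj.get("pattern", "")):
            try:
                nets.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                continue  # malformed feed entry: skip it, keep the import going
    return nets

def rate_offense(offense, watch_list, boost=3, ceiling=10):
    """Return (magnitude, matching IPs); magnitude is raised on a watch-list hit."""
    hits = sorted(ip for ip in offense["ips"]
                  if any(ipaddress.ip_address(ip) in net for net in watch_list))
    base = offense["magnitude"]
    return (min(ceiling, base + boost) if hits else base), hits

if __name__ == "__main__":
    watch = build_watch_list(BUNDLE)
    # Constructed offense: one internal address, one address inside a listed /24.
    print(rate_offense({"magnitude": 4, "ips": ["10.0.0.5", "198.51.100.23"]}, watch))
```

Skipping revoked indicators at import time keeps withdrawn entries from inflating offense magnitude.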

IBM X-Force Exchange API (commercial and enterprise)

The exchange API, whether commercial or enterprise, allows you to collaborate with peers in a worldwide community, aggregate global research and act on threat intelligence together.  

Integrations

The IBM Threat Intelligence Platform for QRadar SIEM can integrate with threat intelligence services.

Intelligence provided by CrowdStrike's elite team of threat analysts, security researchers, cultural experts and linguists helps you stay ahead of adversaries.

The Mandiant Advantage app for QRadar brings Mandiant's frontline intelligence to QRadar, highlighting indicators of compromise (IOCs) in your network and letting you identify and explore the ones that matter the most.

Cofense Intelligence provides security teams with context around the criminal infrastructure to extend beyond expected IOCs, enabling teams to see an adversary's full operation as opposed to one-offs that change rapidly.

ZeroFox provides enterprises with protection, intelligence and disruption to identify and dismantle external threats in one comprehensive platform.

IntSights delivers up-to-date IOCs, so you can continuously synchronize your network and security solutions for faster incident response and threat workflows.

Related products

 IBM QRadar SIEM

Identify and prevent advanced threats and vulnerabilities from disrupting business operations.

 IBM QRadar SIEM User Behavior Analytics (UBA)

Gain greater visibility into insider threats, uncover anomalous behavior, quickly identify risky users and generate meaningful insights.

 IBM QRadar Log Insights

Accelerate insights from fast-growing log volumes with cloud-scale ingestion, fast queries and visualizations.

 IBM QRadar SOAR

Take the complexity out of response by providing a unified experience that works with your existing business processes.

Resources

 IBM X-Force Threat Intelligence Index 2024

Explore insights and observations obtained from monitoring over 150 billion security events per day in more than 130 countries.

 Global Security Operations Center Study Results

To assess the state of today’s security operations and gain critical insight into key trends, pain points and best practices, IBM surveyed 1,000 global SOC team members.

 QRadar SIEM and QRadar SOAR integration

See how the QRadar SIEM and QRadar SOAR products come together to accelerate response times and reduce analyst workload.
  • Allows you to use the X-Force Threat Intelligence data in QRadar correlation rules and AQL.