Home Security QRadar SOAR Integrations for IBM QRadar SOAR
IBM QRadar SOAR integrations are part of an open integration framework and supported by IBM and leading security companies
Visit the IBM App Exchange Request a demo of QRadar SOAR
Illustration of purple, blue, light blue discs stacked horizontally
Empower security teams to be more efficient

Bring together people, processes and technologies to accelerate threat enrichment, investigation and response. QRadar SOAR offers 300+ of enterprise-grade, bidirectional integrations with third-party security solutions as well as broader IT and DevOps tools.

Installation and deployment of applications only takes minutes with AppHost, QRadar SOAR’s integration infrastructure that containerizes integrations and brings integration management into the web user interface.

QRadar SOAR helps make security alerts instantly actionable. With the SOAR solution, analysts can use dynamic playbooks for a step‑by‑step guided response while improving collaboration and accelerating response times.

There are hundreds of applications and add-ons available that are fully supported by IBM or trusted partners, ready for you to use.

Explore the IBM App Exchange
How we help businesses succeed QRadar SOAR's vast integrations ecosystem is designed to work with your existing security infrastructure and empower your SOC's response processes. 300+  

Over 300 integrations available on the IBM App Exchange.

 

7x

7 times faster response possible with dynamic playbooks that integrate with your existing security tools.

 

190+

More than 190 technical alliance program partners helping develop an open application ecosystem.

 

The power of QRadar SOAR Integrations Leverage the breadth of the ecosystem

Use hundreds of no-cost integrations and content packs available on the IBM App Exchange, including the industry’s most widely-adopted security solutions.

Accelerate incident response

Automate security actions with easily integrated third-party tools and perform threat enrichment on incidents before security analysts begins their work.

 

Maximize your team's talent and skills

Eliminate the need to learn new security tools. Use your existing tech stack by connecting your own tools with 300+ of integrations from the IBM App Exchange.

 

Security intelligence and event management (SIEM)

Integrate IBM QRadar SIEM or third-party SIEM applications with QRadar SOAR to escalate and manage offenses seamlessly.

Search the application directory IBM QRadar SIEM

Empowers SecOps teams to more quickly and efficiently detect, investigate and respond to threats. Offenses in IBM QRadar SIEM are escalated to IBM QRadar SOAR for further enrichment and remediation; all within a single console. 

IBM SOAR QRadar Plugin App
Splunk

Provides automatic and manual escalation of Splunk alerts and notable events to the QRadar SOAR Platform, along with easy incident mapping.

QRadar SOAR add-on for Splunk
Microsoft Azure Sentinel

Allows bidirectional synchronization between QRadar SOAR and Microsoft Azure Sentinel. Sentinel entities are exposed as artifacts for further investigation.

Microsoft Azure Sentinel for QRadar SOAR
Rapid7 InsightIDR

Provides bidirectional synchronization between InsightIDR alerts and QRadar SOAR. Security analysts can leverage out-of-the-box playbooks while information on alerts, (including the alert evidence) that triggered the investigation, are retained in the Rapid7 InsightIDR Alerts data table. 

Rapid7 InsightIDR for SOAR
The power of SIEM plus SOAR
Combine intelligence and insights with automation and integration Together, IBM QRadar SIEM and QRadar SOAR deliver end-to-end threat management that can accelerate incident response by combining accurate threat detection, case management, orchestration and automation, plus artificial and human intelligence. QRadar SOAR offers case management, dynamic playbooks with customizable and automated workflows, and a robust ecosystem of third-party integrations that let analysts use information from QRadar SIEM and efficiently respond to incidents. Read the solution brief
Endpoint detection and response (EDR)

Integrate IBM QRadar EDR or third-party EDR applications with QRadar SOAR to escalate alerts originating from users, endpoint devices and IT assets.

Search the application directory IBM QRadar EDR

Allows bidirectional synchronization of QRadar EDR, formerly ReaQta, alerts to QRadar SOAR. Additional functions include list and kill endpoint processes, isolate the endpoint, synchronize notes and close events.

QRadar EDR for QRadar SOAR
SentinelOne

Queries for SentinelOne threats and create incidents in QRadar SOAR. Security analysts can sync notes, update case status, and execute remediation actions on SentinelOne incidents. 

SentinelOne for IBM SOAR
Crowdstrike

Imports CrowdStrike Detections or indicators of compromise (IOCs) into QRadar SOAR, so you can automate your security playbooks and view a wide range of incidents.

CrowdStrike Falcon Insight and Threat Intel
Cybereason

Uses the power of the Cybereason Platform within QRadar SOAR. Automatically import high fidelity alerts, investigate and respond to incidents within the SOAR workflow. 

Cybereason Endpoint Protection Platform
IT service management (ITSM)

Integrate IBM or third-party collaboration and ITSM applications to enhance communication and coordination with QRadar SOAR.

Search the application directory Salesforce Service Cloud

Supports stronger collaboration across Enterprise ITOps and SecOps teams. ITOps teams can leverage bi-directional synchronization between Salesforce Service Cloud and QRadar SOAR to escalate incidents to SecOps teams.

Salesforce for IBM SOAR
ServiceNow

Empowers ITOps and SecOps teams to collaborate during an incident. This integration allows for bi-directional syncrhonization of incidents, tasks, notes, and attachments enabling the SecOps and ITOps teams to be aligned during critical security events.

ServiceNow Functions for IBM SOAR
Jira

Allows for the tracking of QRadar SOAR Incidents and Tasks as Jira Issues with bidirectional links for easy navigation.

Atlassian Jira Functions for QRadar SOAR
IBM Security integrations

IBM QRadar SOAR supports integrations with offerings from the IBM Security portfolio.

Explore the IBM Security portfolio IBM QRadar SIEM

Threat detection and prioritization for real-time visibility.

Explore QRadar SIEM
IBM QRadar EDR

Secure endpoints from cyberattacks, detect anomalous behavior and remediate in near real time.

Explore QRadar EDR
IBM Guardium

Uncover vulnerabilities and protect sensitive on-premises and cloud data.

Explore Guardium
IBM Security Verify

Identity and Access management (IAM) solutions for the hybrid, multi-cloud enterprise.

Explore Verify
IBM Security MaaS360

Manage and protect your mobile workforce with AI-driven unified endpoint management (UEM).

Explore MaaS360
IBM X-Force

Build and manage an integrated IT security program.

Explore X-Force
IBM QRadar and IBM FlashSystem Safeguarded Copy

Learn more about the advanced cyber resilience that IBM can provide with IBM QRadar and SafeGuarded Copy (SGC) on IBM FlashSystem arrays using Storage Virtualize.

Explore Cyber Resilience
Community applications

Developed by customers, partners or IBM services organizations, these applications undergo functional and security testing before getting published. They are supported through the IBM QRadar SOAR user community.

Visit the QRadar SOAR community
See SOAR Integrations in action

Schedule time to speak with an expert or view integrations on the IBM App Exchange.

Explore the IBM App Exchange
More ways to explore Documentation Support Community Partners Resources