Identify gaps and fine tune your environment with IBM Security QRadar Use Case Manager

Feature spotlights

Ingest vast amounts of data from on-prem and cloud sources

Provides insights into on-premises and cloud-based resources and applies business context to that data to maximize relevant threat and risk insights.

Applies built-in analytics to accurately detect threats

Analyzes network, endpoint, asset, user, vulnerability and threat data to accurately detect known and unknown threats that others miss. Built-in analytics help shorten time-to-value without requiring data science experts.

Correlate related activities to prioritize incidents

Uniquely identifies and tracks related activities throughout the kill chain so analysts can have end-to-end visibility into a potential incident from a single screen.

Automatically parses and normalizes logs

Automatically makes sense of data from disparate sources and provides a easy-to-use editor to quickly on-board custom log sources for analysis.

Threat intelligence and support for STIX/TAXII

Includes threat intelligence from IBM X-Force and enables customers to integrate additional threat intelligence feeds of their choice via STIX/TAXII.

Integrates out-of-the-box with 450 solutions

Fosters an ecosystem by providing over 450 out-of-the-box integrations, APIs and an SDK to help customers ingest data faster, gain deeper insights and extend the value of existing solutions.

Flexible architecture can be deployed on-prem or on cloud

Offers multiple deployment options to meet a variety of needs. The solution can be delivered as hardware, software or virtual machines for on-premises or IaaS environments. Start with an all-in-one solution or scale up to a highly distributed model across multiple network segments and geographies.

Highly scalable, self-tuning and self-managing database

Enables customers to focus on security operations instead of system management and helps reduce the total cost of ownership. A self-tuning and self-managing database can scale to support the largest organizations without requiring dedicated database admins.

How customers use it

  • Screen shot of QRadar SIEM dashboard

    Complete visibility for traditional and cloud environments


    Lack of insight across multiple security environments.


    Gain centralized insight into logs, flow, and events across on premise, SaaS, and IaaS environments.

  • Screen shot of offense report generated by QRadar SIEM

    Eliminate manual tasks to empower analysts


    Manual tracking processes take up valuable analyst time, and pull analysts away from doing other work.


    Centrally see all events related to a particular threat in one place, eliminating manual tasks so analysts can focus on investigation and response.

  • Real-time threat detection


    Not enough resources or hours to be constantly watching for threats.


    Out-of-the-box analytics automatically investigate logs and network flows to detect threats and generate prioritized alerts as attacks progress through the kill chain.

  • Illustration of a scalable, centralized and flexible platform

    Scalable, centralized and flexible platform


    Scaling out your security operations program over time, without requiring major infrastructure changes.


    Leverage the QRadar ecosystem to easily integrate with other solutions and quickly update capabilities.

Technical details

Technical specifications

QRadar SIEM requires Red Hat Enterprise Linux (RHEL) Server 6.

Software requirements

Java SDK: IBM Runtime Environment Java Technology edition 7.0.8Security management: Tivoli Directory Integrator 7.1.7Browser requirements:

  • Google Chrome 43 and future fix packs
  • Microsoft Internet Explorer 10 and future fix packs
  • Mozilla Firefox ESR 38 and future fix packs

Hardware requirements

There is no specific hardware requirements page for this product.