Key Features

Automated investigations of incidents

Free up your time and let QRadar Advisor with Watson start the investigation for you. It starts by performing local data mining using observables in the incident to gather broader local context. Then it quickly assesses whether threats bypassed your layered defenses or were blocked. With watch lists, you can also automate hunting for specific indicators to get a head start.

Artificial intelligence that reasons

Apply cognitive reasoning to identify the likely threat, connect threat entities related to the original incident, such as malicious files, suspicious IP addresses, and rogue entities, and draw relationships among them. Automatically tap into Watson for Cyber Security to apply external unstructured data, including threat intelligence feeds, websites, forums, and more.

Identification of high priority risks

Get insights that show the criticality of an incident, such as whether or not malware has executed, with supporting evidence to focus your time on the higher-risk threats. Then quickly decide on the best response method for your business.

Key insights on users and critical assets

Realize the reach of threats and their effects on users and high-value assets. Gain visibility into suspicious behavior from insiders through integration with the User Behavior Analytics (UBA) App and understand how certain activities or profiles impact systems.

Customer case studies

  • QRadar Advisor with Watson: Sogeti Gets 50% Faster Analysis Times

  • Ronan Murphy, CEO Smarttech, talks Watson for Cyber Security - a Game Changer in the Industry

  • Cargills Bank - pioneering the use of cognitive security in Sri Lanka

How customers use it

  • Quickly gather insights

    Accelerating analysis and freeing up analysts' time.

    Automatically investigate indicators of compromise and suspicious behaviors. Quickly gather insights by correlating millions of external sources against local data, while enabling analysts to focus on more complex parts of the response cycle.

  • Cognitive reasoning

    Visualizing the scope and severity of a threat.

    Apply cognitive reasoning to build relationships among discovered threat entities and get visibility into higher-priority risks.

  • Faster response – now and in the future

    Possibly missing incidents due to false positives, false negatives, or a lack of automation.

    Use actionable information to make a decision on remediation. Ensure you don't miss incidents in the future by automatically adding discovered threat indicators to watch lists.

  • Focus on true positives

    Determining how prevalent active threats are, and if they are related.

    Easily see whether network events or flow communications related to a threat have gotten through, or whether the traffic was blocked by your existing network defenses. Focus efforts on active threats.