Feature spotlights

Sense and detect fraud, insider and advanced threats

Deploy a single, highly scalable platform to reduce thousands of security events into a manageable list of suspected offenses. Collect logs and events from many sources including network assets, security devices, operating systems, applications, databases and identity and access management products. Pull network flow data, including Layer 7 (application-layer) data, from switches and routers.

Perform immediate event normalization and correlation

Optimize threat detection and compliance reporting by reducing billions of events and flows into a handful of actionable offenses and prioritize them according to business impact. Perform activity baselining and anomaly detection to identify changes in behavior associated with applications, hosts, users and areas of the network. Use IBM® X-Force® Threat Intelligence (optional) to identify activity associated with suspicious IP addresses, such as those suspected of hosting malware.

Sense, track and link significant incidents and threats

Simplify and enhance investigations by performing event and flow analysis using either near real-time streaming or historical data. Add IBM QRadar® QFlow and IBM QRadar VFlow Collector for deep insight and visibility into applications, databases, collaboration products and social media through deep packet inspection of Layer 7 network traffic.

Deploy QRadar SIEM on premises or in cloud environments

Collect events and flows from applications running both in the cloud and on-premises, or have IBM deploy, manage and maintain your QRadar infrastructure while your staff performs security threat management tasks.

Quickly and inexpensively add more storage and processing

Add QRadar Data Node plug-in storage capabilities to increase your local storage capacity, improve search performance when retrieving data for offense investigations and eliminate bottlenecks without increasing licensing terms.

Provide enforcement of data-privacy policies

Includes an intuitive reporting engine that does not require advanced database and report-writing skills. Provide the transparency, accountability and measurability to meet regulatory mandates and compliance reporting.

Enable threat-prevention collaboration and management

Permit access to the IBM Security App Exchange.

How customers use it

  • Complete visibility for traditional and cloud environments


    Lack of insight across multiple security environments.


    Gain centralized insight into logs, flow, and events across on premise, SaaS, and IaaS environments.

  • Real-time threat detection


    Not enough resources or hours to be constantly watching for threats.


    Out-of-the-box analytics automatically investigate logs and network flows to detect threats and generate prioritized alerts as attacks progress through the kill chain.

  • Eliminate manual tasks to empower analysts


    Manual tracking processes take up valuable analyst time, and pull analysts away from doing other work.


    Centrally see all events related to a particular threat in one place, eliminating manual tasks so analysts can focus on investigation and response.

  • Scalable, centralized and flexible platform


    Scaling out your security operations program over time, without requiring major infrastructure changes.


    Leverage the QRadar ecosystem to easily integrate with other solutions and quickly update capabilities.

Technical details

Software requirements

Java SDK: IBM Runtime Environment Java Technology edition 7.0.8 Security management: Tivoli Directory Integrator 7.1.7 Browser requirements:

  • Google Chrome 43 and future fix packs
  • Microsoft Internet Explorer 10 and future fix packs
  • Mozilla Firefox ESR 38 and future fix packs

Hardware requirements

There is no specific hardware requirements page for this product.

    Technical specifications

    QRadar SIEM requires Red Hat Enterprise Linux (RHEL) Server 6.

      See a complete list of technical specifications