Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR

Criminal IP

Criminal IP, the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR.

The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster and prioritize response actions more effectively across SOC operations.

IBM QRadar is widely adopted by enterprises and public-sector organizations as a central platform for security monitoring, automation, and incident response. By embedding Criminal IP intelligence into QRadar SIEM and extending it into SOAR workflows, organizations can apply external threat context across the incident lifecycle without leaving the QRadar environment.

Real-Time Threat Visibility from Firewall Traffic Logs

With the Criminal IP QRadar SIEM integration, security teams can analyze firewall traffic logs and automatically assess the risk associated with communicating IP addresses. Traffic data forwarded into IBM QRadar SIEM is analyzed through the Criminal IP API and reflected directly inside the SIEM interface.

Observed IP addresses are automatically classified into High, Medium, or Low risk levels from a threat intelligence perspective. This allows SOC teams to quickly identify high-risk IPs, monitor inbound and outbound traffic, and prioritize response actions such as access blocking or escalation within the familiar QRadar SIEM workflow.

Interactive Investigation Without Leaving QRadar

Integrated Criminal IP lookup within IBM QRadar SIEM enables analysts to investigate suspicious IPs directly from traffic logs.

Beyond high-level visibility, the integration supports fast, in-context investigation. Analysts can right-click on IP addresses displayed in QRadar Log Activity to open a detailed Criminal IP report.

These reports provide additional context, including threat indicators, historical behavior, and external exposure signals, enabling analysts to validate risk and intent without switching tools. This streamlined workflow supports faster decision-making during time-sensitive investigations.

SOURCE: GlobeNewswire