IBM® QRadar® SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives. As an option, this software incorporates IBM X-Force® Threat Intelligence, which supplies a list of potentially malicious IP addresses, including malware hosts, spam sources and other threats. IBM QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.

IBM QRadar SIEM:

  • Provides real-time visibility into the entire IT infrastructure for threat detection and prioritization
  • Reduces and prioritizes alerts to focus security analyst investigations on an actionable list of suspected, high probability incidents
  • Enables more effective threat management while producing detailed data access and user activity reports
  • Operates across on-premises and cloud environments
  • Produces detailed data access and user activity reports to help manage compliance
  • Offers multi-tenancy and a master console to help managed service providers provide security intelligence solutions in a cost-effective manner

Provides real-time visibility

  • Senses and detects inappropriate use of applications, insider fraud, and advanced low and slow threats that can be lost among millions of daily events
  • Collects logs and events from several sources including network assets, security devices, operating systems, applications, databases, and identity and access management products
  • Collects network flow data, including Layer 7 (application-layer) data, from switches and routers
  • Obtains information from identity and access management products and infrastructure services such as Dynamic Host Configuration Protocol (DHCP), and receives vulnerability information from network and application vulnerability scanners

Reduces and prioritizes alerts

  • Performs immediate event normalization and correlation for threat detection and compliance reporting
  • Reduces billions of events and flows into a handful of actionable offenses and prioritizes them according to business impact
  • Performs activity baselining and anomaly detection to identify changes in behavior associated with applications, hosts, users and areas of the network
  • Optionally uses IBM X-Force Threat Intelligence to identify activity associated with suspicious IP addresses, such as those suspected of hosting malware

Enables more effective threat management

  • Senses and tracks significant incidents and threats, providing links to all supporting data and context for easier investigation
  • Performs event and flow data searches in either real-time streaming mode or on a historical basis to enhance investigations
  • Enables the addition of IBM QRadar QFlow and IBM QRadar VFlow Collector appliances for deep insight and visibility into applications (such as enterprise resource management), databases, collaboration products and social media through deep packet inspection of Layer 7 network traffic
  • Detects off-hours or unusual use of an application or cloud-based service, or network activity patterns that are inconsistent with historical usage patterns
  • Performs federated searches throughout large, geographically distributed environments
  • Delivers security intelligence in cloud environments
  • Provides SoftLayer cloud installation capability
  • Collects events and flows from applications running both in the cloud and on-premises
  • Produces detailed data access and user activity reports
  • Tracks all access to customer data by username and IP address to ensure enforcement of data-privacy policies
  • Includes an intuitive reporting engine that does not require advanced database and report-writing skills
  • Provides the transparency, accountability and measurability to meet regulatory mandates and compliance reporting

Offers multi-tenancy and a master console

  • Allows managed service providers to cost-effectively deliver security intelligence using a single console to support multiple customers
  • Leverages either on-premises or cloud-based deployments