Criminal IP is now integrated with IBM QRadar SIEM and QRadar SOAR, bringing AI-powered, IP-based threat intelligence directly into QRadar detection, investigation, and response workflows. The integration provides real-time IP risk scoring from firewall logs, in-context investigations inside QRadar, and automated SOAR enrichment to speed up prioritization and response.
Key points
- Criminal IP now integrates with IBM QRadar SIEM and QRadar SOAR to embed external IP-based intelligence into QRadar workflows.
- Firewall traffic forwarded to QRadar is analyzed via the Criminal IP API and IPs are classified as High, Medium, or Low risk.
- Analysts can perform in-context investigations by right-clicking IPs in QRadar Log Activity to open detailed Criminal IP reports.
- Pre-built QRadar SOAR playbooks (IP Threat Service and URL Threat Service) automate enrichment and return results as artifact hits or incident notes.
- AI- and OSINT-powered threat scoring and reputation data for C2 servers, IOCs, VPNs, proxies, and URLs improve detection accuracy and response efficiency.
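The enrichment flow sketched in the points above (firewall log lines forwarded to the SIEM, each external IP scored, the score bucketed into High/Medium/Low, and the result written back as an incident note) can be modelled locally. The block below is an added illustration and is not Criminal IP's or IBM's code: the reputation lookup is a constructed in-memory table standing in for the Criminal IP API, the firewall log lines are made up, and the score thresholds are assumptions rather than the vendor's published values. It also shows two details a practitioner would want: internal (RFC 1918, loopback, link-local) addresses are never sent out for lookup, and an IP the source knows nothing about is reported as Unknown rather than silently scored Low.

```python
"""
Added illustration (not Criminal IP's or IBM's code): parse firewall log
lines, look up each external IP against a reputation source, bucket the
score into High / Medium / Low, and render an incident note.  The real
integration calls the Criminal IP API; here that call is replaced by a
constructed table and the thresholds are assumptions.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample firewall log lines (key=value style, made up for this example)
SAMPLE_LOGS = [
    'action=deny src=203.0.113.45 dst=10.0.0.5 dport=22 proto=tcp',
    'action=allow src=10.0.0.8 dst=198.51.100.20 dport=443 proto=tcp',
    'action=deny src=203.0.113.45 dst=10.0.0.6 dport=3389 proto=tcp',
    'action=allow src=10.0.0.9 dst=192.0.2.77 dport=80 proto=tcp',
    'action=allow src=10.0.0.10 dst=203.0.113.200 dport=53 proto=udp',
    'garbage line without addresses',
]

# Constructed reputation data standing in for the API response (score 0-100,
# higher = more malicious is an assumption of this example).
REPUTATION = {
    '203.0.113.45': {'score': 92, 'tags': ['c2', 'scanner']},
    '198.51.100.20': {'score': 55, 'tags': ['vpn']},
    '192.0.2.77': {'score': 8, 'tags': []},
}

# Assumed thresholds, not Criminal IP's published values
HIGH_THRESHOLD = 70
MEDIUM_THRESHOLD = 40

# Addresses that must never leave the SIEM for external enrichment
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8', '169.254.0.0/16')]

IP_RE = re.compile(r'\b(?:src|dst)=(\d{1,3}(?:\.\d{1,3}){3})\b')


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def extract_external_ips(lines):
    """Return a Counter of external IPs seen as src/dst across the log lines."""
    seen = Counter()
    for line in lines:
        for raw in IP_RE.findall(line):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # malformed address: skip rather than crash the pipeline
            if is_internal(ip):
                continue
            seen[str(ip)] += 1
    return seen


def classify(score):
    """Bucket a 0-100 score into the three risk levels the page describes."""
    if score >= HIGH_THRESHOLD:
        return 'High'
    if score >= MEDIUM_THRESHOLD:
        return 'Medium'
    return 'Low'


def lookup(ip):
    """Stand-in for the reputation API call; returns None for unknown IPs."""
    return REPUTATION.get(ip)


def enrich(lines):
    """Map each external IP to a risk record suitable for an incident note."""
    results = {}
    for ip, hits in extract_external_ips(lines).items():
        rep = lookup(ip)
        if rep is None:
            # No verdict is not the same as a clean verdict
            results[ip] = {'risk': 'Unknown', 'hits': hits, 'tags': []}
            continue
        results[ip] = {'risk': classify(rep['score']), 'score': rep['score'],
                       'hits': hits, 'tags': list(rep['tags'])}
    return results


def incident_note(results):
    """Render a plain-text note, highest risk first, for attachment to a case."""
    order = {'High': 0, 'Medium': 1, 'Low': 2, 'Unknown': 3}
    rows = []
    for ip, r in sorted(results.items(), key=lambda kv: (order[kv[1]['risk']], kv[0])):
        tags = ','.join(r['tags']) or '-'
        rows.append(f"{r['risk']:<7} {ip:<16} hits={r['hits']} tags={tags}")
    return '\n'.join(rows)


if __name__ == '__main__':
    print(incident_note(enrich(SAMPLE_LOGS)))
```

Deduplicating IPs before lookup (the Counter) keeps the number of API calls proportional to distinct addresses rather than log volume, and keeping the hit count alongside the verdict lets an analyst see at a glance that a High-risk address appeared repeatedly.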