On February 9th, 2026, in Torrance, California, Criminal IP, an AI-driven platform for threat and attack surface intelligence, announced its integration with IBM QRadar SIEM and SOAR. This collaboration aims to enhance threat detection by incorporating IP-based threat intelligence into QRadar’s workflows, enabling quicker identification and prioritization of malicious activity.
Enhancing Security Operations with QRadar
IBM QRadar is a leading platform adopted by numerous enterprises and public sector entities for security monitoring and incident response. By integrating Criminal IP’s intelligence directly into QRadar SIEM and extending it into SOAR workflows, organizations gain the ability to apply external threat context throughout the incident lifecycle, without departing from the QRadar environment.
Analyzing Firewall Logs for Threat Detection
The integration allows security teams to analyze firewall traffic logs and automatically assess the risk associated with IP addresses. As data flows into IBM QRadar SIEM, it is processed through the Criminal IP API, and the resulting threat levels are reflected directly in the interface. IPs are categorized as high, medium, or low risk, helping SOC teams identify and prioritize threats efficiently.
This integration facilitates the monitoring of traffic, allowing for quick responses such as blocking access or escalating critical incidents within the familiar QRadar SIEM workflow.
Seamless Investigation and Response
Criminal IP’s integration with IBM QRadar offers an interactive investigation experience. Analysts can delve into suspicious IPs directly from traffic logs, accessing detailed Criminal IP reports with a simple right-click. These reports furnish additional context like threat indicators and historical behavior, streamlining the decision-making process during investigations.
Furthermore, Criminal IP extends its capabilities into QRadar SOAR, supporting automated threat enrichment. Through pre-constructed playbooks, IP addresses and URL artifacts are enriched with intelligence, assisting in effective incident response.
Criminal IP’s integration with QRadar SIEM and SOAR enhances detection accuracy and shortens investigation cycles, empowering organizations to make informed decisions swiftly.
Driving Intelligence-Driven Security
As the volume of security alerts grows, the collaboration between Criminal IP and IBM QRadar addresses the need for intelligence-driven detection and response. By bringing external threat context into SIEM and SOAR workflows, organizations can enhance their security operations without added complexity.
Byungtak Kang, AI SPERA CEO, emphasized the importance of real-time intelligence in modern security operations, highlighting Criminal IP’s role in boosting detection confidence and operational efficiency through this integration.
Criminal IP, developed by AI SPERA, is a prominent cyber threat intelligence platform used globally. It leverages AI and OSINT to deliver comprehensive threat scoring and reputation data, ensuring proactive threat management.
