Criminal IP has announced its integration with IBM QRadar SIEM and QRadar SOAR, bringing external, IP-based threat intelligence directly into IBM’s detection, investigation and response workflows. The partnership enables real-time threat visibility by allowing security teams to analyse firewall traffic logs and automatically assess risk levels for IP addresses via the Criminal IP API, with results shown inside the SIEM interface.
Observed IPs are categorised as High, Medium or Low risk, helping SOC teams prioritise actions such as access blocking or escalation without leaving QRadar. Analysts can also investigate suspicious IPs from traffic logs by opening a detailed Criminal IP report directly within QRadar, which includes threat indicators, historical behaviour and exposure signals.
In QRadar SOAR, two pre-built playbooks enrich IP addresses and URL artefacts, returning results as artefact hits or incident notes to expedite incident response. According to AI SPERA CEO Byungtak Kang, the integration underlines the importance of real-time, exposure-based intelligence in modern SOC environments.