IBM opens QRadar analytics platform so developers can share apps

IBM is opening its QRadar security analytics platform to allow customers to share applications they build, hoping the move will increase IT security in a world of increasingly complex threats.

“We thought opening up the platform so people could share applications would add a huge amount of benefit to the overall user base and capabilities,” Paul Eisner, the company’s director of development, security intelligence and managed security services, said in an interview. “The bad guys are collaborating, so the good guys need to collaborate as well.”

To help developers, a toolset has been created that can be accessed through IBM’s developerWorks portal, using new APIs for QRadar. The apps can then be published on the new IBM Security App Exchange. To build momentum, IBM and several of its partners have created free apps that add new capabilities to the platform to seed the exchange.

These include:

  • the Exabeam User Behavior Analytics app, which integrates user-level behavioral analytics and risk profiling from Exabeam into the QRadar dashboard. This real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker using that same credential.
  • a new IBM-developed app that lets QRadar users pull in any threat intelligence feed using the open standard STIX and TAXII formats, and use this data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM’s X-Force Exchange and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.
  • another app that allows QRadar to analyze data from users of Bit9 + Carbon Black endpoint software, improving the ability to detect and respond to endpoint attacks.
  • the IBM Incident Overview App, which allows users to better visualize all of the offenses within QRadar using bubbles, colors and correlation lines. The size and color of the bubble indicate the magnitude of the incident, while lines drawn between bubbles indicate shared IP addresses among the linked incidents. This type of intuitive visualization helps security analysts quickly identify common elements between incidents and better prioritize important incidents.

Other vendors who have developed apps include Resilient Systems and Brightpoint.

The open platform comes as part of the new QRadar v. 7.2.6, which also includes improvements in search speed and links to IBM’s BigFix vulnerability manager.

QRadar is a security information and event management (SIEM) platform that competes against Hewlett Packard’s ArcSight, Splunk Enterprise, Intel Corp.’s McAfee Enterprise Security Manager, LogRhythm and many others.

Opening QRadar is part of an IBM [NYSE: IBM] strategy to encourage organizations to share threat information. Earlier this year it opened its X-Force Exchange database of some 700 terabytes of threat data it has gathered over the years for users to research. To keep it from being downloaded by criminals, users can only search one IP address at a time. IBM said over 1,000 organizations have registered to use the exchange.

 


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
