Criminal IP, the AI-powered threat intelligence and attack surface intelligence platform, has announced its integration with IBM QRadar SIEM and QRadar SOAR. The integration lets security operations center (SOC) analysts bring external, IP-centric threat intelligence into their existing workflows to identify and counter potential security breaches. Firewall traffic logs ingested by QRadar SIEM are investigated automatically through the Criminal IP API, and the IP addresses they contain are scored and assigned a risk level of High, Medium, or Low to guide SOC response actions. Criminal IP lookups embedded in the QRadar interface let analysts pivot from a suspicious IP in a traffic log straight to a detailed report covering threat indicators, historical behavior, and external exposure signals, without switching tools, which shortens decision time during time-sensitive investigations.
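The enrichment loop described above, reduced to its essentials as an added example (this is not Criminal IP's or IBM's code, and it does not reproduce the Criminal IP API or QRadar's event format): extract the IPs from firewall log lines, skip internal ranges that are never worth an external lookup, query each distinct external IP once, band the returned score into High, Medium, or Low, and order the result for analyst triage. The log lines, the score table standing in for the API, and the score thresholds are all constructed for the example; an IP the intelligence source knows nothing about is kept as a separate "Unknown" band rather than silently treated as Low.

```python
import ipaddress
import re
from typing import Callable, Dict, List, Optional

# Constructed sample firewall log lines in a syslog-style key=value form.
# They are made up for this example and are not QRadar's event format.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw01 action=allow src=10.0.0.5 dst=203.0.113.10 dport=443",
    "2024-05-01T10:00:02Z fw01 action=deny src=198.51.100.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:03Z fw01 action=allow src=10.0.0.6 dst=203.0.113.10 dport=443",
    "2024-05-01T10:00:04Z fw01 action=allow src=10.0.0.7 dst=192.0.2.44 dport=80",
    "2024-05-01T10:00:05Z fw01 action=deny src=10.0.0.8 dst=10.0.0.1 dport=53",
    "2024-05-01T10:00:06Z fw01 action=allow src=10.0.0.9 dst=203.0.113.99 dport=8080",
]

# Assumed stand-in for the threat-intelligence API: a 0-100 risk score per IP.
# The real Criminal IP response format is not reproduced here.
ASSUMED_SCORES = {"203.0.113.10": 92, "198.51.100.7": 55, "192.0.2.44": 8}

# Ranges that never merit an external lookup (RFC 1918, loopback, link-local).
# ipaddress.is_private is deliberately not used: it also flags the RFC 5737
# documentation ranges that the sample logs use as "external" addresses.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

# Only the src= and dst= fields carry IPs; dport= and timestamps are ignored.
IP_FIELD_RE = re.compile(r"\b(?:src|dst)=(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_external_ips(lines: List[str]) -> Dict[str, int]:
    """Return {ip: number of log lines mentioning it} for external IPs only."""
    hits: Dict[str, int] = {}
    for line in lines:
        for ip in IP_FIELD_RE.findall(line):
            if is_internal(ip):
                continue
            hits[ip] = hits.get(ip, 0) + 1
    return hits


def grade(score: Optional[int]) -> str:
    """Band a score into the High/Medium/Low levels the integration reports.
    The thresholds are assumed; the vendor's own banding is not documented here."""
    if score is None:
        return "Unknown"   # no data is not the same as low risk
    if score >= 80:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


def assumed_lookup(ip: str) -> Optional[int]:
    """Placeholder for the API call; returns None for IPs the source lacks."""
    return ASSUMED_SCORES.get(ip)


def enrich(lines: List[str],
           lookup: Callable[[str], Optional[int]] = assumed_lookup) -> Dict[str, dict]:
    """Enrich every distinct external IP in the logs with one lookup each."""
    results: Dict[str, dict] = {}
    for ip, count in extract_external_ips(lines).items():
        score = lookup(ip)   # one call per distinct IP, not per log line
        results[ip] = {"score": score, "risk": grade(score), "hits": count}
    return results


def triage_order(results: Dict[str, dict]) -> List[str]:
    """Order IPs for review: highest risk first, then most log hits."""
    rank = {"High": 0, "Medium": 1, "Unknown": 2, "Low": 3}
    return sorted(results,
                  key=lambda ip: (rank[results[ip]["risk"]], -results[ip]["hits"]))


if __name__ == "__main__":
    enriched = enrich(SAMPLE_LOGS)
    for ip in triage_order(enriched):
        e = enriched[ip]
        print(f"{ip:16} risk={e['risk']:8} score={e['score']} hits={e['hits']}")
```

Deduplicating before the lookup matters in practice: a busy firewall repeats the same external peer thousands of times per minute, and querying per event rather than per distinct IP would exhaust an API quota without adding any information to the case.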
In addition to SIEM enrichment, the integration extends to QRadar SOAR with two pre-built playbooks, Criminal IP: IP Threat Service and Criminal IP: URL Threat Service. They apply threat context to IP and URL artifacts and write the results back into SOAR cases as artifact hits or incident notes, reducing manual lookups and improving incident response efficiency. By combining QRadar’s correlation, investigation, and response capabilities with context-rich external threat intelligence derived from real-world internet exposure, organizations can improve detection accuracy, shorten investigation cycles, and prioritize response more effectively across SOC operations, even as alert volumes grow. AI SPERA CEO Byungtak Kang commented that the integration highlights the growing importance of real-time, exposure-based intelligence in modern SOC environments and underscores Criminal IP’s focus on improving detection confidence and operational efficiency through practical, intelligence-driven integrations. The platform’s AI- and OSINT-powered threat scoring, reputation data, and real-time detection of malicious indicators across IPs, domains, and URLs give security teams actionable threat intelligence to proactively identify, analyze, and respond to emerging threats.


