IBM QRadar


QRadar User Entity Behavior Analytics Now Available with Expanded Visibility for Insider Threats

By Lauren Hogge posted 8 hours ago

  

Managing Insider Threats Starts With Early Detection

The 2025 Ponemon Cost of Insider Risks Report shows that insider risk management is turning the tide on insider threats. The cost of insider risk continues to rise, with the annual average reaching $17.4M – up from $16.2M in 2023 – largely driven by increased spending on containment and incident response. Breach prevention begins with early risk detection, and a robust tool that helps surface unknown insider threats is crucial.

That's why we're excited to announce the release of User Entity Behavior Analytics (UEBA) for IBM QRadar—now available for download on the IBM App Exchange! ⬇️ Download Here

This major update brings expanded visibility into insider threat activity in your environment by combining user behavior insights with entity context. Devices, servers, and assets are now part of the picture, helping security teams detect threats with greater precision.

UEBA is now generally available with version 5.0.1 and introduces entity risk scoring, offense generation for entities, and enhanced dashboards that make it easier to investigate suspicious activity. Analysts can now monitor how users and entities interact, uncover hidden patterns, and respond faster to potential threats. 

UEBA 5.0.1 delivers key capabilities that help teams stay ahead of insider threats:

  • Detect unusual behavior tied to devices

  • View how users and entities are connected

  • Investigate threats with more context

Feature Highlights

Unified Dashboard & Risk Profiling

Monitor risky activity across users and entities in one place in the QRadar UEBA dashboard, with additional visibility into IP addresses, hostnames, and MAC addresses.

User & Entity Details Page

Drill down into entity-specific data including hostname, MAC address, IP location, linked users and vulnerability score.

Timeline View

Investigate deeper with timeline views for both users and entities.

Offense Creation

Automatically generate offenses for entities with rising risk profiles. Analysts can differentiate between user-triggered and entity-triggered offenses using new dashboard indicators and sensitivity settings.

Third-Party Integrations

Integrate with vulnerability scanners and geo-location tools for richer context. Entities are automatically discovered and linked to user identities.

Ready to Strengthen Your Insider Threat Strategy?

We're committed to supporting your insider threat journey and will continue to offer QRadar UEBA as a free app to all QRadar customers.

Download or upgrade now to version 5.0.1 on the IBM App Exchange to take advantage of these powerful new capabilities and strengthen your threat detection strategy.

⬇️ Download Here

Additional Resources

Interested in learning more? Check out our UEBA resources:

🔗 Release Notes

🔗 UEBA Feature Deep Dive - Blog

🔗 UEBA Feature Deep Dive - Webinar

🔗 UEBA Feature Deep Dive - Demo
