IBM Security QRadar

Accelerating Intelligence-Driven Threat Detection and Response in IBM Security QRadar

By Ellen Wilson posted Thu June 17, 2021 03:35 PM

  

 As the attack surface grows, security teams are seeing more and more events each day. Recorded Future’s intelligence reduces security risk by automatically positioning threat data in your IBM Security QRadar environment to connect the dots between your internal activity and the external threat landscape. This empowers analysts to identify and triage alerts faster, proactively block threats, and reduce time spent on false positives to improve analyst efficiency. 

Using a sophisticated combination of patented machine and expert human analysis, Recorded Future fuses an unrivaled set of open source, dark web, technical sources, and original research to deliver relevant cyber threat insights in real time — empowering you to identify threats faster. Recorded Future isn’t just another threat list. It provides actionable intelligence with the context needed to help you detect threats better, triage your alerts faster, and reduce risk for your organization. 

Start your free 30-day trial of Recorded Future integration for IBM Security QRadar today and gain access to real-time intelligence in support of the following use cases:

 

Enrich IP addresses: The Recorded Future integration for IBM Security QRadar enables you to access risk scores and associated evidence from Recorded Future on IP indicators directly in IBM Security QRadar by hovering the mouse cursor over any field containing an IP address.


Accelerate threat research: Users can also look up IPs, domains, hashes, URLs, and vulnerabilities via a dedicated Recorded Future tab within QRadar, which provides in-app Intelligence Cards for any indicator, including risk scores, risk evidence, finished intelligence research, related entities, and more.


Automate threat detection: Recorded Future intelligence can also be used to create Reference Sets that help you to quickly correlate and search data within QRadar for real-time detections of previously unknown threats. Recorded Future provides Reference Sets based on the entity type (including IP address, domains, hashes, and URLs), risk score thresholds, as well as the risk rules that have triggered.

There are three risk score-based reference sets for each entity type.

  • Malicious: Contains all the IOCs with a risk score of 65+
  • Very Malicious: Contains all the IOCs with a risk score of 90+
  • Score: Contains all the IOCs with a risk score equal to or greater than the Threshold value, as set on the Recorded Future app configuration page. Different Thresholds can be set for each entity type.

Because the reference sets are built out in such a granular way, clients can build extremely specific, targeted correlation rules that fit their organization's critical use cases.
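The three score-based sets overlap: an indicator scoring 90+ is also in the Malicious set, and may be in the Score set depending on the configured Threshold. The following added example (not Recorded Future or IBM code) models this in Python so a rule can report the strictest set an indicator matched; the tier names, thresholds, and indicators are constructed for illustration.

```python
# Constructed model of the three score-based reference sets per entity type.
# Tier names and sample data are illustrative, not the app's real identifiers.
FIXED_TIERS = {"malicious": 65, "very_malicious": 90}

# Assumed per-entity-type Threshold values for the configurable "score" set.
THRESHOLDS = {"ip": 80, "domain": 50}

# Constructed indicators: (entity_type, value, risk_score).
INDICATORS = [
    ("ip", "192.0.2.10", 92),
    ("ip", "198.51.100.7", 81),
    ("ip", "203.0.113.5", 66),
    ("ip", "192.0.2.99", 40),
    ("domain", "bad.example", 55),
    ("domain", "worse.example", 95),
]


def tiers_for(etype, thresholds):
    """Minimum score of each set for one entity type."""
    return dict(FIXED_TIERS, score=thresholds[etype])


def build_reference_sets(indicators, thresholds):
    """Place each indicator in every set whose minimum score it meets."""
    sets = {}
    for etype, value, score in indicators:
        for tier, minimum in tiers_for(etype, thresholds).items():
            bucket = sets.setdefault((etype, tier), set())
            if score >= minimum:
                bucket.add(value)
    return sets


def strictest_match(sets, thresholds, etype, value):
    """Return (tier, minimum) of the highest-threshold set holding value."""
    hits = [(minimum, tier)
            for tier, minimum in tiers_for(etype, thresholds).items()
            if value in sets.get((etype, tier), set())]
    if not hits:
        return None  # indicator is in none of the sets
    minimum, tier = max(hits)
    return tier, minimum


SETS = build_reference_sets(INDICATORS, THRESHOLDS)
```

A rule that tests only the Malicious set also fires on Very Malicious indicators, so rules meant to assign distinct severities should test the strictest set first.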

Additionally, we deliver malicious CVE Risk Lists into QRadar Reference Sets, which can be used for searches and rules in conjunction with QRadar Vulnerability Management. The Reference Set created is the Vulnerability Risk List, which contains about 20,000 CVEs with malicious or very malicious risk scores.


With all of these features, the Recorded Future integration for IBM Security QRadar enables faster detection of threats, more granular correlation logic based on risk score or evidence, better offense triage, and faster offense investigation. For the Okinawa Institute of Science and Technology (OIST), the Recorded Future and IBM Security QRadar joint solution resulted in a 25% reduction of false positive QRadar offenses. Keita Nagase, OIST chief information security officer, also shared, “By integrating intelligence into our existing IBM Security QRadar system and workflows, and automating analysis, we believe we have improved the accuracy and operational efficiency of security monitoring by a factor of three or four.”

 

To see what Recorded Future can offer for your organization firsthand, request your 30-day free trial of Recorded Future’s integration for IBM Security QRadar today.

