Ashwin, I just answered your setup question, pls have a look as well. As outlined already the CE edition is a standard image designed as AIO running a special license. However there a very little restrictions besides the fact that it is designed as a single box with performance limited to whatever hardware you have got. The idea is to install it on top of VMware. Regarding your questions: UBA yes , Threat Intelligence yes, MITRE Attack mappimg yes, STIX/TAXII feeds yes. For SOAR you should have a look at the new cloud services integration (license needed). Everything else is included. Some Apps need to be extra installed like UBA or need extra integration work as STIX based feed.
BR
------------------------------
[Karl] [Jaeger] [#ibmchampion]
[QRadar Specialist]
------------------------------
Original Message:
Sent: Thu June 12, 2025 11:14 AM
From: Ashwin Gedekar
Subject: QRadar CE Features: UBA, SOAR, MITRE, Threat Feeds β Included or External?
Hello Everyone,
I have a quick question regarding IBM QRadar Community Edition.
I would like to know whether the following features are included by default in the Community Edition or need to be integrated externally:
π§ UBA (User Behavior Analytics)
π Threat Intelligence Integration
πΊοΈ MITRE ATT&CK Mapping Tools
π°οΈ STIX/TAXII-based IBM Threat Intelligence Feeds
π€ SOAR (Security Orchestration, Automation and Response) β via IBM Resilient or any built-in capabilities
If anyone here is an experienced QRadar user, I'd really appreciate it if you could also share the pros and cons of using QRadar (especially the Community Edition) in a lab or small-scale setup.
Thanks in advance for your help and insights!
------------------------------
Ashwin Gedekar
------------------------------