IBM QRadar

  • 1.  QRadar Community Edition (CE) Capabilities – TI Feeds, SOAR & Multitenancy

    Posted 13 days ago

    👋 Hello everyone,

    I'm currently exploring IBM QRadar Community Edition (CE) and would appreciate clarification on the following feature support areas:


    🔗 Threat Intelligence Feed Integrations

    I would like to confirm whether QRadar CE supports integration (natively or custom) with the following TI feeds:

    • Group-IB

    • VirusTotal

    • Criminal IP

    • Recorded Future Triage

    ➡️ If QRadar CE comes with its own default threat feed, kindly mention what that is.

    ➡️ If third-party feeds aren't natively supported, can they be integrated via:

    • API ingestion

    • STIX/TAXII

    • Custom reference sets or lookup tables


    βš™οΈ SOAR Functionality

    • Does QRadar CE include any SOAR capabilities (e.g., automated playbooks, response actions)?

    • Or is a licensed IBM SOAR (Resilient) or third-party SOAR platform required for that?


    πŸ§‘β€πŸ’Ό Multitenancy Support

    • Is multitenancy supported or testable in QRadar CE for MSSP/MSP-style environments?

    • Can we simulate client isolation (like domains, offenses, asset groups) in the community edition?


    🧠 I'd really appreciate responses from those with hands-on experience or links to official documentation. Thanks in advance!



    ------------------------------
    Ashwin Gedekar
    Mumbai 400093
    Bharat (INDIA)
    ------------------------------


  • 2.  RE: QRadar Community Edition (CE) Capabilities – TI Feeds, SOAR & Multitenancy

    Posted 11 days ago

    Ashwin, I have answered your questions already here https://community.ibm.com/community/user/discussion/qradar-ce-features-uba-soar-mitre-threat-feeds-included-or-external

    Maybe I wasn't clear enough. Best way to integrate feeds is to use TI App documented here https://www.ibm.com/docs/en/qradar-common?topic=app-whats-new-in-qradar-threat-intelligence

    Group-IB = no AFAIK, VirusTotal is supported. Criminal IP should work, Recorded Future Triage see https://www.recordedfuture.com/search?query=qradar

    In general you can manually add standard feed as being documented here https://www.ibm.com/docs/en/qradar-common?topic=tif-adding-threat-intelligence-feeds

    Default feed is STIX / TAXII as being documented above.

    SOAR yes, via Resilient / IBM SOAR or cloud-based lookup of offenses, which requires an extra license.

    Multitenancy is supported in CE, so it can be simulated. You need to configure domains, tenants etc. manually, please check https://www.ibm.com/docs/en/qsip/7.5?topic=administration-multitenant-management



    ------------------------------
    [Karl] [Jaeger] [#ibmchampion]
    [QRadar Specialist]
    ------------------------------
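    As an added example for the "API ingestion / custom reference sets" route raised in the question (this is not code from the thread, from IBM or from the TI App): it parses a constructed STIX 2.1 indicator bundle, deduplicates the observables per type, and builds the QRadar REST call that bulk-loads them into a reference set. The bulk_load endpoint and the SEC token header are as I know them from the QRadar REST API; the console hostname, token and set name are placeholders, and the target set is assumed to already exist with a matching element type.

```python
"""Turn a STIX 2.1 indicator bundle into a QRadar reference-set bulk load."""
import json
import re
import urllib.request

# Constructed sample bundle (not a real feed): two IPv4 indicators, one domain,
# one compound pattern that repeats an IP, and one non-indicator object.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--example",
    "objects": [
        {"type": "indicator", "id": "indicator--1", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']"},
        {"type": "indicator", "id": "indicator--2", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'bad.example.net']"},
        {"type": "indicator", "id": "indicator--3", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.9'] OR [ipv4-addr:value = '198.51.100.7']"},
        {"type": "malware", "id": "malware--1", "name": "not an indicator, skipped"},
    ],
})

# One equality comparison inside a STIX pattern, e.g. ipv4-addr:value = '1.2.3.4'.
_CMP = re.compile(r"(ipv4-addr|ipv6-addr|domain-name|url):value\s*=\s*'([^']+)'")


def extract_observables(bundle_json: str) -> dict:
    """Collect observable values from every STIX-pattern indicator, grouped by
    object type. Only equality comparisons are handled; other operators are skipped."""
    found: dict = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for kind, value in _CMP.findall(obj.get("pattern", "")):
            found.setdefault(kind, set()).add(value)
    return {kind: sorted(values) for kind, values in found.items()}


def bulk_load_request(console: str, token: str, set_name: str, values: list) -> urllib.request.Request:
    """Build (but do not send) the reference-set bulk load call. Endpoint and SEC
    header are per the QRadar REST API as I know it; check /api/help on your console.
    The set must already exist (e.g. element type IP for an address list)."""
    url = f"https://{console}/api/reference_data/sets/bulk_load/{set_name}"
    headers = {"SEC": token, "Content-Type": "application/json", "Accept": "application/json"}
    return urllib.request.Request(url, data=json.dumps(values).encode(), method="POST", headers=headers)


if __name__ == "__main__":
    observables = extract_observables(SAMPLE_BUNDLE)
    req = bulk_load_request("qradar.example", "REPLACE_WITH_TOKEN", "TI_Bad_IPs", observables["ipv4-addr"])
    print(req.full_url, req.data.decode())  # urllib.request.urlopen(req) would send it
```

    Running it prints the bulk-load URL and the JSON array of deduplicated IPs; only send the request from a host whose CA store trusts the console certificate and with a token scoped to reference-data write access.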



  • 3.  RE: QRadar Community Edition (CE) Capabilities – TI Feeds, SOAR & Multitenancy

    Posted 11 days ago

    Thank you so much, Sir. Your explanation was extremely helpful and clarified a lot of my doubts. I truly appreciate your time and support



    ------------------------------
    Ashwin Gedekar
    ------------------------------



  • 4.  RE: QRadar Community Edition (CE) Capabilities – TI Feeds, SOAR & Multitenancy

    Posted 11 days ago

    Hi Ashwin, just to be clear: there is no difference between QRadar SIEM and QRadar SIEM CE in terms of software capabilities, the only difference is the amount of EPS you can handle. This was changed in the latest version 7.5.0 CE, so you can try all the functionalities and learn the product.

    Regards



    ------------------------------
    Juan Paulo
    IBM
    Santiago
    ------------------------------