A fast and highly scalable cloud-native log management and security observability solution.
Security within reach
IBM Security® QRadar® Log Insights can help you gain complete visibility over your exponential and continuously growing digital footprint. Designed to address security observability needs with simple data ingestion, rapid search and powerful visualization, it’s optimized to perform analytics on data with greater efficiency and to provide faster insights.
QRadar Log Insights is powerful enough to extract, investigate and pull data from anywhere, and it can quickly perform multiple, concurrent searches on large data subsets in seconds. We infused the tool with smart, interactive dashboards and analytics to help you detect, investigate and plan action against threats faster.
Unified analyst experience built to increase productivity
Actionable dashboards and powerful search UX with built-in threat intelligence enrichment, federated search and case management allow more time for strategic analysis and threat hunting. The unified analyst experience is built specifically for the demands of today’s security operations and hybrid cloud environments.
More than just a log manager
Investigate
What do I hunt?
Stop spending hours researching the latest threats. QRadar Log Insights helps you find threats by using the latest malicious IP addresses, URLs and malware file hashes. It applies threat intelligence to both manual investigations and cases automatically created QRadar Log Insights leverages Sigma Rules and uses Kestrel Threat Hunting as the AI base component. The AI model acts as a security analyst who knows exactly what to hunt for.
Analyze
What does it mean?
After threat intelligence capabilities identify risky behavior or critical threats, QRadar Log Insights aligns the data to the MITRE ATT&CK framework, which reduces the triage process to minutes. You can quickly identify which TTP’s are used and filter through the supporting data for more information and details.
Take Action
What do I need to do about it?
Powered by AI, QRadar Log Insights provides recommendations based on industry best practices should your system identify a threat.
Frequently asked questions
Can QRadar Log Insights detect Threats?
QRadar Log Insights includes the ability to detect threats by using threat intelligence where discovered indicators result in new alerts, and from scheduled searches run against the data warehouse. Log Insights also includes the QRadar unified analyst workflow that enables users to quickly triage and respond to alerts.
Can QRadar Log Insights generate alerts?
Yes, QRadar Log Insights can generate alerts from KQL and STIX queries, as well as from threat intelligence updates by using threat intelligence insights.
Can QRadar Log Insights generate response actions form alerts?
Yes, Log Insights goes beyond a standard log management product to provide recommended actions according to search-based alerts and automated investigation functionalities.
What are the primary differences between QRadar Log Insights and a SIEM?
A SIEM will collect, analyze and correlate data to detect threats. Log Insights will ingest, normalize and store data in one location for analysts to easily search and make decisions about an environment’s health. Essentially, a SIEM provides actionable alerts whereas a log manager brings data together, allows for quick search and offers flexible storage options at a lower price point.
Is Grafana available immediately or do I need to instal it?
Users must acquire the license and install Grafana and then configure the QRadar KQL Plugin.
If you would like more information on IBM QRadar, contact us today!
