Criminal IP Integrates with IBM QRadar to Deliver Real-Time Threat Intelligence Across SIEM and SOAR
MWN-AI** Summary
Criminal IP, an AI-driven threat intelligence platform, recently integrated its services with IBM's QRadar SIEM and QRadar SOAR systems, enhancing real-time threat intelligence capabilities for security operations centers (SOCs). This partnership allows organizations to seamlessly incorporate IP-based threat intelligence into their existing QRadar workflows, significantly improving the efficiency of threat detection, investigation, and response processes.
With the integration, security teams can analyze firewall traffic logs monitored by IBM QRadar. The Criminal IP’s API evaluates the risk levels of communicating IP addresses and presents this information directly within the QRadar interface. This categorization of IPs into high, medium, or low-risk classifications enables SOC teams to swiftly identify and prioritize critical threats, ensuring effective resource allocation for incident responses.
Moreover, the integration promotes interactive investigations without needing analysts to switch platforms. By simply right-clicking on suspicious IP addresses within the QRadar Log Activity, security professionals can access detailed Criminal IP reports that offer historical behavior and exposure signals, expediting risk validation and decision-making during investigations.
Additionally, the integration extends to QRadar SOAR with pre-built playbooks that automate threat enrichment for IP addresses and URLs. This automation enables analysts to enhance incident response efficiency by allowing enriched threat data to flow directly into SOAR cases, reducing the need for manual lookups.
By embedding Criminal IP’s threat intelligence into IBM QRadar's existing systems, organizations enhance their detection accuracy, investigation speed, and response prioritization. AI SPERA CEO Byungtak Kang emphasized the critical need for real-time exposure-based intelligence in modern SOC environments, highlighting the integration's role in advancing operational efficiency and decision-making during threat assessments.
MWN-AI** Analysis
The recent integration of Criminal IP with IBM QRadar SIEM and SOAR represents a significant advancement for security operations centers (SOCs) seeking enhanced threat intelligence capabilities. This development underscores the growing need for real-time, context-rich external threat intelligence in the cybersecurity landscape, especially as the volume of alerts continues to rise.
Investors should take note of how this integration enhances the operational efficiency of SOCs by streamlining workflows and allowing for quicker incident response. By embedding Criminal IP's threat intelligence into QRadar, security teams gain immediate access to risk-assessed data from their firewall traffic logs. This capability is essential, as it enables faster identification of high-risk IP addresses and allows analysts to perform in-context investigations without switching between tools. Such efficiencies are invaluable in managing today’s complex threat environments where rapid decision-making can make the difference between thwarting an attack and succumbing to one.
Moreover, the integration with QRadar SOAR to automate threat enrichment further underscores the operational benefits. By deploying pre-built playbooks that leverage external threat intelligence, security analysts can focus on more strategic tasks rather than time-consuming manual lookups. This is likely to lead to improved decision-making in crisis situations, making organizations more resilient against cyber threats.
For investors, companies like Criminal IP that enhance cybersecurity infrastructure through innovative integrations may present lucrative opportunities. As organizations prioritize enhancing their cybersecurity frameworks, technologies that integrate seamlessly into existing systems, like QRadar, are likely to gain traction.
Thus, keeping an eye on companies profiting from these technological advancements could yield fruitful returns, especially in an era where cyber threats are increasingly sophisticated and pervasive. Investing in firms that prioritize real-time threat insights and operational efficiency will be crucial in navigating the evolving cybersecurity landscape.
**MWN-AI Summary and Analysis is based on asking OpenAI to summarize and analyze this news release.
TORRANCE, Calif., Feb. 09, 2026 (GLOBE NEWSWIRE) -- Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR.
The integration brings external, IP-based threat intelligence directly into IBM QRadar’s detection, investigation, and response workflows, enabling security teams to identify malicious activity faster and prioritize response actions more effectively across SOC operations.
IBM QRadar is widely adopted by enterprises and public-sector organizations as a central platform for security monitoring, automation, and incident response. By embedding Criminal IP intelligence into QRadar SIEM and extending it into SOAR workflows, organizations can apply external threat context across the incident lifecycle without leaving the QRadar environment.
Real-Time Threat Visibility from Firewall Traffic Logs
With the Criminal IP QRadar SIEM integration, security teams can analyze firewall traffic logs and automatically assess the risk associated with communicating IP addresses. Traffic data forwarded into IBM QRadar SIEM is analyzed through the Criminal IP API and reflected directly inside the SIEM interface.
Observed IP addresses are automatically classified into High, Medium, or Low risk levels from a threat intelligence perspective. This allows SOC teams to quickly identify high-risk IPs, monitor inbound and outbound traffic, and prioritize response actions such as access blocking or escalation within the familiar QRadar SIEM workflow.
Interactive Investigation Without Leaving QRadar
Integrated Criminal IP lookup within IBM QRadar SIEM enables analysts to investigate suspicious IPs directly from traffic logs.
Beyond high-level visibility, the integration supports fast, in-context investigation. Analysts can right-click on IP addresses displayed in QRadar Log Activity to open a detailed Criminal IP report.
These reports provide additional context, including threat indicators, historical behavior, and external exposure signals, enabling analysts to validate risk and intent without switching tools. This streamlined workflow supports faster decision-making during time-sensitive investigations.
Extending Intelligence into QRadar SOAR Workflows
Criminal IP is also integrated with IBM QRadar SOAR to support automated threat enrichment during incident response. Using pre-built playbooks, Criminal IP intelligence can be applied to IP addresses and URL artifacts, with enrichment results returned directly into SOAR cases as artifact hits or incident notes.
This integration includes two playbooks:
- Criminal IP: IP Threat Service – Enriches IP address artifacts with Criminal IP threat context.
- Criminal IP: URL Threat Service – Performs lite or full URL scans and returns results as artifact hits or incident notes.
By embedding Criminal IP threat intelligence directly into SOAR workflows, analysts can reduce manual lookups and respond to incidents more efficiently.
Advancing Intelligence-Driven Detection and Response
By integrating Criminal IP with IBM QRadar SIEM and SOAR, organizations can combine QRadar’s correlation, investigation, and response capabilities with context-rich external threat intelligence derived from real-world internet exposure. This approach improves detection accuracy, shortens investigation cycles, and enhances response prioritization across SOC operations.
As alert volumes continue to grow, Criminal IP helps QRadar users make faster, more informed decisions by bringing external threat context directly into SIEM and SOAR workflows without adding operational complexity.
AI SPERA CEO Byungtak Kang commented that the integration highlights the growing importance of real-time, exposure-based intelligence in modern SOC environments and underscores Criminal IP’s focus on improving detection confidence and operational efficiency through practical, intelligence-driven integrations.
About Criminal IP
Criminal IP is the flagship cyber threat intelligence platform developed by AI SPERA and is used in more than 150 countries worldwide. It equips security teams with the actionable Threat Intelligence needed to proactively identify, analyze, and respond to emerging threats.
Powered by AI and OSINT, it delivers threat scoring, reputation data, and real-time detection of a wide array of malicious indicators, ranging from C2 servers and IOCs to masking services like VPNs, proxies, and anonymous VPNs, across IPs, domains, and URLs. Its API-first architecture ensures seamless integration into security workflows to boost visibility, automation, and response.
Contact
Michael Sena
AI SPERA
support@aispera.com
Photos accompanying this announcement are available at
https://www.globenewswire.com/NewsRoom/AttachmentNg/ee901ea7-1e08-438b-a452-86721affac9c
https://www.globenewswire.com/NewsRoom/AttachmentNg/8e031070-261c-475d-b797-c2fabea4bb5a
FAQ**
How does the integration of Criminal IP with IBM QRadar SIEM enhance the analysis of "International Paper Company IP" in terms of risk assessment and threat detection?
Can the real-time threat visibility from firewall traffic logs impact the security posture of "International Paper Company IP" under various threat scenarios?
How does the interactive investigation feature enable quicker decision-making for potential threats associated with "International Paper Company IP"?
In what ways does integrating Criminal IP's threat intelligence into QRadar SOAR workflows improve incident response times for incidents related to "International Paper Company IP"?
**MWN-AI FAQ is based on asking OpenAI questions about International Paper Company (NYSE: IP).
NASDAQ: IP
IP Trading
4.62% G/L:
$39.48 Last:
2,607,761 Volume:
$38.39 Open:
