Criminal IP Integrates with IBM QRadar SIEM and SOAR for Faster Threat Response
Criminal IP now works directly with IBM QRadar SIEM and SOAR. This AI-powered threat intelligence platform enriches firewall logs and IP data in real time. Security teams get risk scores and context without leaving their QRadar console.
The integration pulls external threat data into QRadar’s core workflows. Firewall traffic shows High, Medium, or Low risk labels for IPs automatically. Analysts spot malicious C2 servers, VPNs, proxies, and IOCs faster. This cuts investigation time during busy SOC shifts.
QRadar SOAR gains two new playbooks. One enriches IP artifacts with Criminal IP reports. The other scans URLs for threats and adds results as case notes. Automation handles the lookups so humans focus on response.
AI SPERA CEO Byungtak Kang said: “The integration highlights the growing importance of real-time, exposure-based intelligence in modern SOC environments.” He added it “underscores Criminal IP’s focus on improving detection confidence and operational efficiency.”
Key Features Table
| Feature | QRadar SIEM | QRadar SOAR |
|---|---|---|
| IP Risk Scoring | Auto-classify traffic logs | Enrich artifacts |
| Right-Click Lookup | Detailed IP reports | Playbook automation |
| Threat Coverage | C2, VPNs, proxies, IOCs | URL scans (lite/full) |
| Workflow Impact | No tool switching | Results added directly as case notes |
Real-Time Benefits
Firewall logs feed into the Criminal IP API instantly. IPs are scored using AI and OSINT data from 150+ countries. Right-click any IP in Log Activity for full context, such as historical attacks or exposure signals. SOAR playbooks run enrichment without manual steps.
High-risk IPs trigger priority alerts. Teams block access or escalate fast. The API-first design fits any security stack.
Supported Threat Types
- Command-and-control servers.
- Masking services (VPNs, proxies).
- Domains and URLs with bad reputation.
- Active IOCs from global feeds.
Integration Setup
| Step | Action | Time Required |
|---|---|---|
| SIEM Content | Install app packs | 15 minutes |
| SOAR Playbooks | Import IP/URL services | 10 minutes |
| API Config | Add Criminal IP key | 5 minutes |
| Test | Run sample lookups | Verify instantly |
FAQ
- Real-time IP/URL threat scoring and context from AI+OSINT.
- Right-click IPs in logs for instant reports.
- IP Threat Service and URL Threat Service.
- C2 servers, VPNs/proxies, IOCs, bad domains.
- No, API-first with pre-built packs for SIEM/SOAR.