Quickly and easily conduct in-depth security forensics investigations

What's behind a cyber attack?

IBM® Security QRadar® Incident Forensics allows you to retrace the step-by-step actions of a potential attacker, and quickly and easily conduct an in-depth forensics investigation of suspected malicious network security incidents. It reduces the time it takes security teams to investigate offense records, in many cases from days to hours—or even minutes. It can also help you remediate a network security breach and prevent it from happening again.

IBM Security QRadar Incident Forensics offers an optional IBM Security QRadar Packet Capture appliance to store and manage data used by IBM Security QRadar Incident Forensics if no other network packet capture (PCAP) device is deployed. Any number of these appliances can be installed as a tap on a network or sub-network to collect the raw packet data.

IBM Security QRadar Incident Forensics:

  • Retraces the step-by-step actions of cyber criminals
  • Reconstructs raw network data related to a security incident
  • Integrates with IBM QRadar Security Intelligence Platform
