Request a Demo

Everbridge – IBM QRadar Integration Guide

Everbridge license needed: active annual subscription of IT Alerting Standard or IT Alerting Enterprise

IBM QRadar version supported: IBM QRadar SIEM version 7.2.8 or higher

Everbridge version supported: as a SaaS offering, the latest version is always available


  • An IBM QRadar administrator account must be used to install and configure the extension
  • An IBM QRadar Authorized Service and corresponding Authorized Service Token are required in order to use this extension
  • Everbridge user account with API Privileges
  • An API key is needed, but that will be generated when you perform the procedures in the iPaaS Configuration section of the Everbridge user guide under Documentation at


A distributable archive and documentation for installing and configuring the integration is available on the IBM X-Force App Exchange.
Self-service configuration of IBM QRadar integration on the Everbridge platform,
by an end user, is easy from the Settings -> Everbridge Open -> iPaaS  tab of the Everbridge SaaS application. Click “New Agent”:

Inbound interaction

User can control the conditions under which IBM QRadar automatically triggers incident creation in Everbridge:

Outbound interaction

Everbridge incident and notification delivery details are available in the IBM QRadar offense details:
When the delivery details URL is visited, a page like the following is displayed:
You can configure the IBM QRadar integration and choose whether or not Everbridge incidents are automatically created from IBM QRadar offenses:
You can also customize the fields that are sent to Everbridge:
And you can manually create an incident from an IBM QRadar offense details page:

  • Under Help & Support -> Online Help, read the following section:
  • Under Help & Support -> Everbridge Support Center, download the IT Alerting User Guide, and read the following section: