Skip to main content
Butter bar
Protect your organization with our weekly risk intelligence brief

IBM QRadar

Integration guide

Workflow Cropped


IBM license: IBM QRadar SIEM

Version 7.2.8 or higher

Everbridge license: Active IT Alerting standard or IT Alerting enterprise

Version: SaaS Annual Subscription (latest version).


  • An IBM QRadar administrator account must be used to install and configure the extension
  • An IBM QRadar Authorized Service and corresponding Authorized Service Token are required in order to use this extension
  • Everbridge user account with API Privileges
  • An API key is needed, but that will be generated when you perform the procedures in the iPaaS Configuration section of the Everbridge user guide under Documentation at


A distributable archive and documentation for installing and configuring the integration is available on the IBM X-Force App Exchange.

cards right

Inbound Interaction

User can control the conditions under which IBM QRadar automatically triggers incident creation in Everbridge:

cards right

Outbound Interaction

Everbridge incident and notification delivery details are available in the IBM QRadar offense details:

cards right

When the delivery details URL is visited, a page like the following is displayed:

cards right

You can configure the IBM QRadar integration and choose whether or not Everbridge incidents are automatically created from IBM QRadar offenses:

cards right

You can also customize the fields that are sent to Everbridge:

cards right

And you can manually create an incident from an IBM QRadar offense details page:

cards right


Under Help & Support -> Online Help, read the following section:

cards right

Under Help & Support -> Everbridge Support Center, download the IT Alerting User Guide, and read the following section:

Download the Admin Guide for the IBM QRadar Integration from IBM’s X-Force App Exchange.

cards right
Request a Demo