Skip to main content
Butter bar
Risk Intelligence Trial

Integration Guide

IBM QRadar



IBM License: IBM QRadar SIEM

Version 7.2.8 or higher

Everbridge license: active IT Alerting Standard or IT Alerting Enterprise

Version: SaaS Annual Subscription (latest version).


  • An IBM QRadar administrator account must be used to install and configure the extension
  • An IBM QRadar Authorized Service and corresponding Authorized Service Token are required in order to use this extension
  • Everbridge user account with API Privileges
  • An API key is needed, but that will be generated when you perform the procedures in the iPaaS Configuration section of the Everbridge user guide under Documentation at


A distributable archive and documentation for installing and configuring the integration is available on the IBM X-Force App Exchange.

IBM QRadar Screenshot 1

Inbound Interaction

User can control the conditions under which IBM QRadar automatically triggers incident creation in Everbridge:

IBM QRadar Screenshot 2

Outbound Interaction

Everbridge incident and notification delivery details are available in the IBM QRadar offense details:

IBM QRadar Screenshot 3

When the delivery details URL is visited, a page like the following is displayed:

IBM QRadar Outbound 2

You can configure the IBM QRadar integration and choose whether or not Everbridge incidents are automatically created from IBM QRadar offenses:

IBM QRadar Outbound 3

You can also customize the fields that are sent to Everbridge:

Incident Mapping Screenshot

And you can manually create an incident from an IBM QRadar offense details page:

Incident Mapping Screenshot


Under Help & Support -> Online Help, read the following section:

IBM documentation screenshot

Under Help & Support -> Everbridge Support Center, download the IT Alerting User Guide, and read the following section:

Download the Admin Guide for the IBM QRadar Integration from IBM’s X-Force App Exchange.

Request a Demo