Skip to main contentIBM Cloud Pak Playbook


Solution Overview

IBM® Cloud Pak for Security provides a platform to quickly integrate your existing security tools to generate deeper insights into threats across hybrid, multicloud environments.

The IBM Cloud Pak for Security platform uses an infrastructure-independent common operating environment that can be installed and run anywhere. It comprises containerized software pre-integrated with Red Hat OpenShift enterprise application platform, which is trusted and certified by thousands of organizations around the world.

IBM Cloud Pak for Security can connect disparate data sources—to uncover hidden threats and make better risk-based decisions—while leaving the data where it resides. By using open standards and IBM innovations, IBM Cloud Pak for Security can securely access IBM and third-party tools to search for threat indicators across any cloud or on-premises location. Connect your workflows with a unified interface so you can respond faster to security incidents. Use IBM Cloud Pak for Security to orchestrate and automate your security response so that you can better prioritize your team’s time.

More information about IBM Cloud Pak for Security can be found at this IBM Knowledge Center page.

IBM Cloud Pak for Security 1.2.0 includes the following component applications.

Data Explorer

IBM® Security Data Explorer is a platform application that enables customers to perform federated search and investigation across their hybrid, multi-cloud environment in a single interface and workflow. Data Explorer enables users to perform investigations in a timely manner without compromising visibility. Core underlying services and capabilities include:

  • Federated data search to unite silos of security data and provide complete visibility across security solutions (for example, Security Information and Event Management, Endpoint Detection and Response, Data lake), and cloud infrastructures (for example, Azure, Amazon Web Services (AWS))
  • Single, unified interface and workflow to investigate threats and Indicators of Compromise into user-selected data sources
  • In-context data enhancements from connected asset and risk data sources and IBM® Threat Intelligence Insights
  • Workflows to track, append, create security cases from native platform case management system

For more information, see the Data Explorer section of the IBM Knowledge Center.


Cases for IBM Cloud Pak for Security provides organizations with the ability to track, manage, and resolve cybersecurity incidents. With Cases, Security and IT teams can collaborate across their organization to rapidly and successfully respond to incidents. For more information, see Cases.

IBM Threat Intelligence Insights

IBM Threat Intelligence Insights is an application that delivers unique, actionable, and timely threat intelligence. The application provides nearly all the same functions the X-Force Exchange does with added features such as:

  • IBM-derived threat intelligence across threat activity, threat groups, malware, and industries
  • Continuous and automated Am I Affected searches across connected data sources to proactively identify your most relevant threats
  • Analytical and adaptive threat scoring to help prioritize threats for further investigation and response

For more information, see IBM Threat Intelligence Insights.

Note: The IBM Threat Intelligence Insights application is installed by default, but can be switched off as part of the IBM Cloud Pak for Security installation process.

IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform

IBM® Resilient Security Orchestration, Automation, and Response (SOAR) Platform (5737-A52) is offered as an on-premises solution and delivers a foundation for successful cybersecurity defense that enables organizations to:

  • Create response plans that are based on industry standards and best practices.
  • Integrate more easily with security and IT tools, and orchestrate responses to events and incidents.
  • Collaborate across the organization, equipping various stakeholders with the tools to fulfill their roles and tasks as part of an incident response effort.

IBM QRadar Security Intelligence Platform

IBM® QRadar® Security Intelligence Platform is offered as an on-premises solution and delivers intelligent security analytics, enabling visibility, detection, and investigation for a wide range of known and unknown threats. Event analytics ingest, parse, normalize, correlate, and analyze log and event data to detect indicators of threats, identify anomalous activities, automatically connect related threat activity, and alert security teams to potential threats. Flow analytics collect, extract, and normalize valuable network flow data and packet metadata to augment log-based security insights and identify network and application level threat activity, such as phishing, lateral movement, and data exfiltration.

For more information, see QRadar Security Intelligence Platform .

The following diagram illustrates a high-level overview of the components of IBM Cloud Pak for Security.

Overview diagram