Good Correlation Rule Capabilities with Legacy Dashboard.
July 18, 2023
Good Correlation Rule Capabilities with Legacy Dashboard.
Score 8 out of 10
Vetted Review
Verified User
Software Version
Other
Modules Used
- SIEM
Overall Satisfaction with IBM Security QRadar SIEM
Qradar is a leader SIEM solution and we are consulting companies for installation, technical issues, correlation rules etc. Most of the problem is about the legacy dashboard. Many companies want to see like splunk view and usage but less than Qradar price. Qradar is trying to improve this side like Users, log source management tabs but it is relatively slow. However, the solution mostly stable for working. Another issue is related to upgrades. When we uppgrade the solution, many issues are solved but many problems are coming together. Sometimes, finding the suitable version can be hard. Another issue, IBM support. It is better than many other products' support but it is not enough. Escalation period is relatively long and they can reject your escalation request. Finally, when you find some notification or error logg about an issue. However there is no solution for these issues in troubleshooting guide.
- Mostly stable.
- Strong Threat Intelligence.
- Correlation Rules.
- Log collection and auto-parser.
- Support
- Documentation
- The custom rule engine is successful.
- Rule creation is very easy with predefined sentences.
- Ease of use.
Correlation rule capabilities are very good. Maybe that is not best but its ROI is best. In addition, it is IBM and in my region, Qradar is one of the best SIEM solutions with good quality local and global support.
Do you think IBM Security QRadar SIEM delivers good value for the price?
Yes
Are you happy with IBM Security QRadar SIEM's feature set?
Yes
Did IBM Security QRadar SIEM live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of IBM Security QRadar SIEM go as expected?
Yes
Would you buy IBM Security QRadar SIEM again?
Yes
IBM Security QRadar SIEM Feature Ratings
Using IBM Security QRadar SIEM
20 - They are consultants and SOC Analysts.
8 - We are consulting company, and we are a partner of IBM. So, we have Qradar consultants.
- We can install and make Qradar ready in one day.
- Support capabilities are very high but a bit slow.
- The dashboard is legacy, but Qradar works well.
- Local partnership is better than other SIEM solutions, so it is more preferred.
- ROI is very high.
- IBM is hard to work with.
- Dashboard renovation.
- Automatic parser mechanism must be improved like elastic/Wazuh/Splunk...
- Offense workflow must be more readable.
Evaluating IBM Security QRadar SIEM and Competitors
- Scalability
- Integration with Other Systems
- Ease of Use
We know the product, and this is the solution that best meets our expectations. Maybe we can add a new solution for SMEs because of price.