Graylog vs. IBM Security QRadar SIEM

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Graylog
Score 8.4 out of 10
N/A
Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.N/A
IBM Security QRadar SIEM
Score 8.7 out of 10
N/A
IBM Security QRadar is security information and event management (SIEM) Software.N/A
Pricing
GraylogIBM Security QRadar SIEM
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
GraylogIBM Security QRadar SIEM
Free Trial
NoYes
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
GraylogIBM Security QRadar SIEM
Considered Both Products
Graylog
Chose Graylog
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used …
IBM Security QRadar SIEM

No answer on this topic

Top Pros
Top Cons
Features
GraylogIBM Security QRadar SIEM
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Graylog
-
Ratings
IBM Security QRadar SIEM
8.6
69 Ratings
10% above category average
Centralized event and log data collection00 Ratings9.927 Ratings
Correlation00 Ratings8.869 Ratings
Event and log normalization/management00 Ratings9.527 Ratings
Deployment flexibility00 Ratings7.827 Ratings
Integration with Identity and Access Management Tools00 Ratings8.665 Ratings
Custom dashboards and workspaces00 Ratings7.469 Ratings
Host and network-based intrusion detection00 Ratings9.725 Ratings
Data integration/API management00 Ratings9.07 Ratings
Behavioral analytics and baselining00 Ratings7.948 Ratings
Rules-based and algorithmic detection thresholds00 Ratings8.649 Ratings
Response orchestration and automation00 Ratings7.75 Ratings
Reporting and compliance management00 Ratings7.947 Ratings
Incident indexing/searching00 Ratings8.97 Ratings
Best Alternatives
GraylogIBM Security QRadar SIEM
Small Businesses
SolarWinds Papertrail
SolarWinds Papertrail
Score 8.9 out of 10
AlienVault USM
AlienVault USM
Score 7.9 out of 10
Medium-sized Companies
PRTG
PRTG
Score 8.9 out of 10
InsightIDR
InsightIDR
Score 9.1 out of 10
Enterprises
PRTG
PRTG
Score 8.9 out of 10
InsightIDR
InsightIDR
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
GraylogIBM Security QRadar SIEM
Likelihood to Recommend
7.8
(7 ratings)
8.6
(89 ratings)
Likelihood to Renew
-
(0 ratings)
8.3
(4 ratings)
Usability
-
(0 ratings)
9.1
(1 ratings)
Support Rating
3.6
(3 ratings)
8.3
(62 ratings)
Ease of integration
-
(0 ratings)
8.1
(58 ratings)
User Testimonials
GraylogIBM Security QRadar SIEM
Likelihood to Recommend
Graylog
For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.
Read full review
IBM
I would only recommend IBM Security QRadar SIEM in a few situations. For one, it's very easy to setup and use if all your log sources are generic from known vendors. It's also significantly cheaper than Splunk, which is nice if you're trying to save money or be more efficient. I would not recommend IBM Security QRadar SIEM for environments with a lot of custom logs and complicated detection requirements.
Read full review
Pros
Graylog
  • Graylog does a great job of its core function: log aggregation, retention, and searching.
  • Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
  • Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
Read full review
IBM
  • Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
  • Facilitates security incident investigation and forensic analysis.
  • Provides a real-time view of security events, enabling immediate incident response.
  • Can integrate with external threat intelligence sources to enrich data and improve threat detection.
  • Enables the generation of detailed and customized reports.
Read full review
Cons
Graylog
  • Support for more log sources
  • Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
  • API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit
Read full review
IBM
  • Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
  • While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
  • IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
Read full review
Likelihood to Renew
Graylog
No answers on this topic
IBM
With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
Read full review
Usability
Graylog
No answers on this topic
IBM
A very special system to use without problems, the process is very genuine and does not require complicated procedures.
Read full review
Support Rating
Graylog
Community support does not give simple straightforward answers; simply search up Graylog Issues and look at some of the responses on the forums. The documentation is your only hope if you are on the free version, as you can NOT purchase only support. The few times I have worked with Graylog Enterprise support they were great though.
Read full review
IBM
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
Read full review
Alternatives Considered
Graylog
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used the threat exchange stuff or correlation. But with regex searches, we have created function dashboards that show threat theater pictures of our network based on logs from our firewall.
Read full review
IBM
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its competitors because it already sets an example in the SIEM world.
Read full review
Return on Investment
Graylog
  • Graylog is just less expensive than some other options which meant it fit into our budget otherwise we might not be able to justify a higher cost.
  • Being able to track issues that we normally couldn't track using other tools is a bonus to help us know of any issues we have and can fix before an outage or failure that could potentially cost money.
  • We have had to spend more time than I would like to understand and customize Graylog which has taken time away from other tasks and projects.
Read full review
IBM
  • Offense investigation was really helped in tackling the incidents. It was accurate and brief
  • The automation with IBM resilient (SOAR) was a milestone in elimination of user mistakes
  • The X-Force threat intelligence supported us in getting the work done without any 3rd party enterprise OSINT database
Read full review
ScreenShots

IBM Security QRadar SIEM Screenshots

Screenshot of QRadar SIEM Cloud native- Threat intelligence preview