TrustRadius

IBM Security QRadar SOAR vs. TheHive

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
IBM Security QRadar SOAR
Score 8.9 out of 10
N/A
IBM Security® QRadar® SOAR is designed to help your security team respond to cyberthreats with confidence, automate with intelligence and collaborate with consistency. It guides your team in resolving incidents by codifying established incident response processes into dynamic playbooks.N/A
TheHive
Score 9.7 out of 10
Enterprise companies (1,001+ employees)
TheHive is a collaborative case management platform that helps security teams centralize, structure, speed up and scale their alert management, investigations and incident response.N/A
Pricing
IBM Security QRadar SOARTheHive
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
IBM Security QRadar SOARTheHive
Free Trial
NoYes
Free/Freemium Version
NoYes
Premium Consulting/Integration Services
NoYes
Entry-level Setup FeeNo setup feeOptional
Additional DetailsUsage-based pricing: This simple, scalable option allows starting small with an initial users and capabilities and scaling up as more users are added, as well as capabilities and data. Enterprise-wide pricing: This option is based on either the size of the enterprise-wide IT infrastructure or the size and type of data sources being secured.TheHive Gold and Platinum editions are priced per number of users (seats) and orgnizations (tenants). Prices start from 1 organization and 5 users.
More Pricing Information
Community Pulse
IBM Security QRadar SOARTheHive
Features
IBM Security QRadar SOARTheHive
Incident Response Platforms
Comparison of Incident Response Platforms features of Product A and Product B
IBM Security QRadar SOAR
-
Ratings
TheHive
10.0
1 Ratings
12% above category average
Company-wide Incident Reporting00 Ratings10.01 Ratings
Integration with Other Security Systems00 Ratings10.01 Ratings
Centralized Dashboard00 Ratings10.01 Ratings
Live Response for Rapid Remediation00 Ratings10.01 Ratings
Best Alternatives
IBM Security QRadar SOARTheHive
Small Businesses

No answers on this topic

ThreatDown, powered by Malwarebytes
ThreatDown, powered by Malwarebytes
Score 8.7 out of 10
Medium-sized Companies
Splunk SOAR
Splunk SOAR
Score 8.3 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Enterprises
Palo Alto Networks Cortex XSOAR
Palo Alto Networks Cortex XSOAR
Score 1.5 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
IBM Security QRadar SOARTheHive
Likelihood to Recommend
8.8
(18 ratings)
10.0
(1 ratings)
Likelihood to Renew
8.0
(1 ratings)
-
(0 ratings)
Usability
5.5
(3 ratings)
-
(0 ratings)
Support Rating
6.0
(1 ratings)
-
(0 ratings)
Vendor post-sale
7.3
(1 ratings)
-
(0 ratings)
Vendor pre-sale
8.2
(1 ratings)
-
(0 ratings)
User Testimonials
IBM Security QRadar SOARTheHive
Likelihood to Recommend
IBM
IBM Security QRadar SOAR is versatile. All the major players in SOAR field require the administrator to have coding experience but with IBM it is different. IBM's solution is a full-fledged automation solution, and not some threat-based or limited one. Meaning whatever comes to your mind, if you can write the code, you can do it. This goes from daily tasks from SOC to daily tasks of your network or security administrator or any other administrator. You can manage your ITSM solution if you want to, IBM is a playground and there is much to discover in its capabilities. If you do not have the knowledge or if you want a SOC/Threat Based SOAR solution, meaning you want automation but you want it to be limited to an area and out-of-box, you may choose other alternatives.
Verified User
Anonymous
Read full review
StrangeBee
Managing incident response - it does exactly what it is supposed to do!
PG
Patrick Green
Cyber Security and Resilience
Read full review
Pros
IBM
  • QRadar's ability to collect, analyze and normalize vast amount of security data from various sources is remarkable.
  • QRadar allows us to define and automate incident response playbooks which have been amazing for streamlining the response to security incidents.
  • It offers and extensive library of pre-built connectors and support for common security standards facilitating seamless integration with a wide range of security tools.
SJ
Sarah Jones
CMO (Chief Marketing Officer)
Read full review
StrangeBee
No answers on this topic
Cons
IBM
  • You still have to generate reports manually. Reports are very limited and practically not useful.
  • The solution should not be SOAR class. Automations usually don't work. It's apparent that it's not designed for that.
  • Lack of flexibility.
  • Practically no support. The reported integration problems have not been resolved.
DS
Dominik Siekierski
Applications Engineer
Read full review
StrangeBee
No answers on this topic
Likelihood to Renew
IBM
I'd rate my likelihood of renewing the use of IBM Security QRadar SOAR as an 8 out of 10. Its strong automation, customization, and integration capabilities make it highly valuable for incident response and cybersecurity research. However, occasional complexity and the need for more streamlined usability prevent it from being a perfect score.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Usability
IBM
I would rate IBM Security QRadar SOAR's overall usability a 7 out of 10. The interface is quite functional and offers a wide range of features, but it can be somewhat complex and intimidating for beginners. Additionally, the configuration and customization can require a significant learning curve, especially for those without prior experience with security orchestration and automation platforms.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Reliability and Availability
IBM
I would rate IBM Security QRadar SOAR's availability as 9 out of 10. The platform is highly reliable, with minimal unplanned outages or application errors, ensuring it’s available when needed. However, occasional minor maintenance periods or rare connectivity issues prevent it from achieving a perfect score in terms of availability.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Performance
IBM
I would rate IBM Security QRadar SOAR's performance as 8 out of 10. Pages generally load quickly, and reports complete in a reasonable time frame, even for complex data. While integration with other systems is smooth, there can be occasional slowdowns when handling very large datasets or during peak usage, which affects the perfect score.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Support Rating
IBM
I would rate IBM Security QRadar SOAR's support an 8 out of 10. The support team is knowledgeable, responsive, and generally provides helpful solutions. However, there can be occasional delays when addressing more complex issues, which prevents it from being a perfect score. Overall, the support experience has been positive.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Implementation Rating
IBM
I would rate my satisfaction with the implementation of IBM Security QRadar SOAR as 7 out of 10. The process was generally straightforward, supported by helpful documentation and responsive support. However, certain advanced configurations proved more challenging and required more technical effort than anticipated, making the overall experience less seamless.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Alternatives Considered
IBM
Overall, IBM Security QRadar SOAR offered the same set of functionality that was needed by the organization as offered by Splunk SOAR, but the former is less expensive and solves all the purpose within budget. In addition, integration with other IBM products was easier and made implementation of a SOAR solution much faster.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Scalability
IBM
I would rate IBM Security QRadar SOAR's overall scalability as 9 out of 10. It effectively scales to handle large volumes of incidents and can be deployed across multiple departments or sites. Its architecture supports growing data and integration needs, but advanced configuration for larger deployments may require more effort, preventing a perfect score.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
Return on Investment
IBM
  • It provides comprehensive MTTD and MTTR metrics and we are aware of how secure our systems are at any given moment.
  • We use linux 7.7, therefore the integrations are smooth.
  • We've been able run our online shops securely for so long.
Verified User
Anonymous
Read full review
StrangeBee
No answers on this topic
ScreenShots

IBM Security QRadar SOAR Screenshots

Screenshot of the IBM Security QRadar SOAR Breach Response solution. The software helps customers manage more than 180 global privacy reporting regulations including GDPR.Screenshot of the Playbooks Landing page, that shows all active playbooks in a single view, including how many are actively running, disabled, or are in draft.Screenshot of IBM Security QRadar SOAR’s Playbook Designer canvas, designed to lower the barrier to entry necessary to build automations through a graphical interface.Screenshot of the Tasks view shows all response tasks, organized by phase, that have either completed or are set to be executed.Screenshot of Threat Investigator automatically correlates incident information, curating an incident timeline from start to finish, including related artifacts and MITRE ATT&CK mappings.

TheHive Screenshots

Screenshot of Alert Management: Go through your dedicated and detailed Alert page, make comments, identify similar Alerts, define custom statuses and fields. Then decide whether or not they should be escalated to investigations or to incident response.Screenshot of Case Management: Create cases and associated tasks and observables. Identify similar cases and alerts, define the PAP (Permissible Actions Protocol) level on each Observable, or improve your Incident Response process using a simple yet powerful template engine.Screenshot of Muti Tenant Environments: Define the different organizations and teams and get them to work in a dedicated or collaborative mode: tenants' cases can be isolated or investigated by users from different organizations based on customizable roles and permissions.Screenshot of User Management: Define and customize user profiles, assign them to users within their organizations and synchronise them via LDAP or AD.Screenshot of Metrics and Dashboards: Compile and correlate statistics on cases, tasks, observables, metrics and more to generate useful KPIs and MBOs with our dynamic dashboard engine.Screenshot of MISP Integration: Get shared Indicators of compromise quickly imported and ready to use or share yours easily with your communities by connecting TheHive with MISP.