Skip to main content
TrustRadius
IBM Security QRadar SIEM

IBM Security QRadar SIEM

Overview

What is IBM Security QRadar SIEM?

IBM Security QRadar is security information and event management (SIEM) Software.

Read more
Recent Reviews
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 13 features
  • Rules-based and algorithmic detection thresholds (34)
    9.1
    91%
  • Correlation (54)
    8.8
    88%
  • Integration with Identity and Access Management Tools (50)
    8.2
    82%
  • Custom dashboards and workspaces (54)
    7.4
    74%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is IBM Security QRadar SIEM?

IBM Security QRadar is security information and event management (SIEM) Software.

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.ibm.com/products/qradar…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

11 people also want pricing

Alternatives Pricing

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.6
Avg 7.8
Return to navigation

Product Details

What is IBM Security QRadar SIEM?

IBM QRadar SIEM helps users to remediate threats faster by prioritizing high-fidelity alerts to help catch threats.

QRadar analytics monitor threat intel, network and user behavior anomalies to prioritize where immediate attention and remediation is needed. When threat actors trigger multiple detection analytics, move across the network or change their behaviors, QRadar SIEM will track each tactic and technique being used. More important, it will correlate, track and identify related activities throughout a kill chain, with a single high-fidelity case, automatically prioritized for the user.


https://ibm.biz/QRadar_SIEM_product_page



IBM Security QRadar SIEM Features

Security Information and Event Management (SIEM) Features

  • Supported: Correlation
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Behavioral analytics and baselining
  • Supported: Rules-based and algorithmic detection thresholds
  • Supported: Reporting and compliance management

Additional Features

  • Supported: Open architecture to deploy on premises, on cloud, or as a service.
  • Supported: Investigation speed faster with automated triage and contextual intelligence
  • Supported: Better visibility by removing silos and unifying input and shared insights
  • Supported: Integrates with existing tools to leave data where it is and leveraging current environment.

IBM Security QRadar SIEM Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

IBM Security QRadar is security information and event management (SIEM) Software.

Microsoft Sentinel, Splunk Enterprise Security (ES), and LogRhythm NextGen SIEM Platform are common alternatives for IBM Security QRadar SIEM.

Reviewers rate Centralized event and log data collection highest, with a score of 9.9.

The most common users of IBM Security QRadar SIEM are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(256)

Attribute Ratings

Reviews

(1-25 of 75)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use IBM Security QRadar SIEM to help us quickly analyze and respond to potential security incidents. Today it is an indispensable solution for our SOC. By having a centralized interface like IBM Security QRadar SIEM, we are able to investigate and identify with much more precision the various events related to certain suspicious behaviors.
  • The interface in general is clean and complete.
  • There is a satisfactory number of plugins approved for integrations with other vendors. Through DSM Universal, we have the possibility of integrating with any other solution that has these resources (information collection through API).
  • With the UBA feature, we get an excellent behavioral view of the end user.
  • A greater number of DSMs available.
  • The frequency of available updates, I know that in some cases this is good, but when we have a large environment, IBM Security QRadar SIEM upgrades take hours to complete and I see that we always have unnecessary bugs in each version. Not that this interrupts the service, but it is somewhat annoying.
  • Support for third-party applications, IBM is not responsible for the third-party applications that run in its environment, so when we have a problem, we need to contact the suppliers. This is something that I believe should improve, since IBM approves all applications and makes it available in its store, so this "between manufacturers" contact should be more direct between those responsible and not depend on customers.
It is an excellent solution for what is proposed.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I make the use case based on needs of the bank, based on requests to the entity.
  • Visibility to different log source types
  • Manipulation of use cases to make them conform to the need
  • Long time data correlation in real time
  • Visibility of custom searches in the profiles created for the reach of all users
  • Integration to cloud services
IBM Security QRadar SIEM works well in terms of event correlation, customization of use cases, visibility of log source on premise, however, when moving forward with the integration of log source in the cloud, there is no identification for the correct scope of the events. Additionally, something in visibility is lost for profiles that are not admin.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
The main goal of IBM Security QRadar SIEM is cybersecurity. We provide perimeter monitoring and active defense by blocking "bad" IPs. We monitor unusual user activity, password compromises, etc. We monitor malware activity in our organization using different IOCs from threat intelligence services and feeds. QRadar SIEM provides log storage for a definite period of time.
  • We are monitoring connections from/to the TOR Nodes to detect hidden malware.
  • We are monitoring users' password compromises by typing their password in the login box. Also, we send users notifications to change their passwords immediately.
  • We are monitoring bad HTTP(S) queries to our www sites from external agents and we are blocking bad IP addresses on our perimeter IPS Devices in real-time.
  • Improve the assets management tab as it has poor functionality.
  • Add more options and tests for creating rules and building blocks.
  • Add more options in the rules response tab to use multiple scripts and alerts.
All the Built-in Rules coming out of the box are not good. Need to write their own correlation rules for each organization using their specifics. IBM Security QRadar SIEM is good as a base of SOC.
January 03, 2024

IBM Qradar Review

Umair Javed | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
In our organization we use Qradar for network monitoring been in the SOC Team We monitor logs evets and offences triggered. investigate them take action if required and closed them.
as we have integrated most of our sensitive servers in SIEM so it would help to monitor the activity going on these serves.
  • payload done great job to understand the events
  • the extension integrated in SIEM helps alot
  • offence investigation in siem much easier
  • things where i am facing issue is regex langue.
  • making rules and under standing logic also a difficult task
  • integration of any log source need to done in much easier way
monitoring network traffic is much easier while having siem in your organization and the scenario where siem is less apricated is installing adding logs source making rules according to your desire or the last thing ibm support team not proving the good feedback on instant basis in case of any critical scenarios.
Brandon Lowry | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
IBM Security QRadar SIEM is a comprehensive, robust and effective platform that plays a critical role in our financial services organization to address cyber security challenges. This platform provides accurate and prioritized alerts that ensure a high level of cyber security, I have witnessed how this platform has enhanced our ability to quickly detect and respond to threats in real time, leading to greater protection of our critical assets and data.
  • Enables identification and prioritization of vulnerabilities in IT infrastructure for corrective action.
  • Facilitates security incident investigation and forensic analysis.
  • Provides a real-time view of security events, enabling immediate incident response.
  • Can integrate with external threat intelligence sources to enrich data and improve threat detection.
  • Enables the generation of detailed and customized reports.
  • It can be complex to use at first, requiring time and training to take full advantage of its capabilities.
  • Implementation requires significant hardware infrastructure and resources, which can be costly for some organizations.
IBM Security QRadar SIEM has all the features to protect real-time threats and protect critical data effectively in a financial services company. It is highly suitable in scenarios where large volumes of data are handled and a fast and effective response to cyber threats is required. However, in smaller or resource-constrained environments.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We used for security information and event management, helping organizations detect and respond to security threats. Its scope includes log and event analysis, threat intelligence, and compliance reporting, addressing issues like unauthorized access and data breaches. Specific use cases vary depending on organizational needs and security requirements.
  • Monitor
  • Parsing logs
  • User friendly interface
  • Easy managing
  • Less down time outages
  • More automation features
Can implement and use for large and small organisations easily manageable
Paige Jenkins | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
This tool is of great help in taking full control of the different IBM options that we are using in the company; it is highly compatible with any other software that is available. Security Qradar will maintain total security in each of the departments of your organization, providing confidence in everything elaborated, so any threat or attack that may exist and damage any result is immediately visualized, so it is constantly analyzed and efficient.
  • Automation capability and control.
  • Supply of information in real time.
  • Server attacks are protected.
  • Excellence technical support.
  • Easy to run.
  • The capacity of tables and graphs should be improved to keep all job environments safe, so those graphs are somewhat uncomfortable for newbies.
It works for any department of the business organization, be it small, medium, or large, as long as you want the entire system to run smoothly and safely. It has, in an integral way, the artificial intelligence processes and above all the essential detection of any threat in real and constant time. It has a very capable technical service and is always willing to help whenever necessary, which is why this tool is necessary for your company.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Working with total confidence is our goal and with this IBM Security QRadar has come to the organization. A tool that helps to be free of internal threats in our system, analyzes and executes strategies to get rid of all possible threats. It's powerful and feature-rich, which is what we were looking for, with the ability to customize it. QRadar has had the best time in detecting the threats having an immediate response, in addition to giving a report with all the details of what happened.
  • Excellent user interface.
  • Threat-specific reports.
  • It was characterized by being customizable.
  • Integration with IBM log data.
  • It keeps track of the system to achieve the best security, always with the best tools.
  • Data analysis from other software is quick and easy.
It has adequate and specific functions to have an improved system, such as analysis, threat alerts, monitoring, integration with various platforms, among several other features. QRadar has managed to significantly improve our organization, it is a much freer system to work comfortably. It has the ability to eliminate threats in a short time, always with an ideal alert system to be aware of what is happening instantly. QRadar is the perfect solution to avoid bad times with threats to our system, with perfect detection and elimination of threats.
Abhishek Kumar | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
IBM Security Qradar help our Organization by real-time Monitoring of Logs and events to Provide a safe and secured Environment and Interface. we use multiple servers and router switches and end devices are connected to each others ,Qradar helps to monitor all logs and events of all intregated devices and gives update with customs rules engine. If any misbehavior happens in server or in any devices ,it was investigated with Qradar and Creates offenses and give us alert of unethical activity.
  • Log and Event Monitoring
  • open Architecture to integrate with other software's
  • Automate Report
  • Sometime its lag and slow Working
  • Deployment is slow
  • automatic Offences are not updated need to manual.
  • No alarm system for offences
IIBM Security QRadar SIEM is one of the best tools for real-time monitoring of unethical activity or Occurrence on Qradar-connected servers or devices. We can easily find logs and activity by using the AQl and advanced search options. If any occurrence or unethical activity has been identified, the offenses will be automatically triggered using CRE.
NILESH KUMAR | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
IBM Security QRadar SIEM is used for real-time monitoring of logs of different servers based on different locations and logs of devices where QRadar agents are deployed to collect logs. The data collector helps to collect all the logs from the device and server. Data processors help a data store and create a custom rule; Data search provides graphs, reports, and offenses. With the help of all of them, we can easily manage the security posture of our clients.
  • Custom rules Engine.
  • Offences
  • Report
  • Parsing Normalization.
  • UI might be improve better.
  • Lag some time.
  • Offence not refresh automatically.
IBM Security QRadar SIEM is the one of best tools for real-time monitoring of unethical activity performed on servers or devices that are connected with Qradar. Using the AQl and advanced search options, we can find easily logs and activity that was performed. If any event is compromised then the offences will automatically triggered with the help of CRE.
Kenhy Dalglish Suarez Jaimes | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
At EY, the use of the QRadar SIEM has helped us provide services to clients for threat hunting and continuous monitoring 24 x 7.
  • Personalized and precise queries in investigations
  • Correlation of events and technologies
  • integration of multiple technological sources
  • cac
  • threat hunting
  • Integrations with some sources that are not native
  • simpler functions in the API
IBM Security QRadar SIEM is a powerful and easy-to-learn tool for analysts and its administration is well documented. QRadar can support and be adapted to the client's needs according to their needs and sector
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We are a SOC and a security that is a security operation center and a center of incident response. So we have a lot of clients. All of these clients have a lot of locks, a lot of information security, information security events, and security alarms. We use this product to put each client in a separate bucket and all its security logs in each bucket. So if any of our clients have an incident, an alarm of a cybersecurity threat, we can see it in a dashboard. So we use this tool to correlate all the information so we can alert our clients that they are under attack
  • It is really simple to integrate different technologies because we have to correlate it and if it is difficult to integrate sources, I won't be able to do my job. So one of the best things is the way it integrates with different vendors so it's easy for us to deploy.
  • This product can do better in a lot of things. First, better integrating machine learning and artificial intelligence so all the logs can be integrated and can show threats besides the threats that we program. If we don't program a threat, the tool is not going to show me anything. We have to program it. But there are new technologies like artificial intelligence that could make this for us so we can have more visibility of threats. Right now they don't have these capabilities and there are other products that are incorporating these capabilities.
It's well suited If you have a complex big network when you need a simple but reliable platform. It is not suited for companies that want a tool that does everything because there are some tools that are less reliable, maybe smaller, but have a lot of features. So if you are looking for a lot of features, these might not be the tool, but if you are looking for a reliable platform that integrates well and you know that it is going to work, it is the tool for you.
Piyush Mittal | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
It is the best in industry Security information and event management software that we are using in our organisation to tackle cyber threats in real time. It provides us network and user behaviour analystics along with risk score so that analyst can respond to attacks. It basically helping us in securing our end points and network from external and internal attacks.
  • Provides alerts in real time with less false positives.
  • Prioritise the high severity alerts so that analyst can focus on severe ones.
  • Identify external as well as internal attacks and risky user behavior
  • Also comes as SAAS software
  • Collecting logs from windows is somewhat painful
  • Scope for improvement in user interface
  • It ia very costly product which could be reduced.
It is well suited for large scale enterprises who are concerned about their data. It helps them in improving their security posture by giving them insights on possible attacks or can give them insights on risky user behaviour. With the help of its AI and ML technology, analysts can see the attack pattern and respond to them. It is not suited for startups and small scale enterprises because of its cost.
Score 8 out of 10
Vetted Review
Verified User
IBM Security Qradar helps organization to store logs centrally. We can forward all Security devices, network devices, Servers, System etc.
towards the Event controllers. Further Event controller will send to Qradar Console.
  • We can forward all types of logs ex. events log, System log etc to QRADAR
  • We can customize Qradar console according to our requirement.
  • We can user Rsyslog protocol to forward logs.
  • We can download all customize report according to requirement.
  • Sometime passwordless communication getting failed from Qradar EC to Console.
  • Event processor is require to process logs which is again license base.
  • Save search option sometimes not working properly may be because of version bug.
When you are having multiple branch location we need to buy more event processor and event collector to collect log and process.
If you are having few branches then you can forward it to centralized EC.
Stephan van der Merwe | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use QRadar SIEM at one of our customers to ingest, event and alert data from multiple sources. And then correlate this into actionable data that we for monitoring. Best thing of QRadar SIEM is that you can literally ingest data from any source. And the Built in dashboard library makes visualizing this data so simple.
  • Ingest data from multiple sources
  • Machine Learning helps analyze User behavior for possible insider threats
  • Able to import Threat Intelligence via XForce
  • Sometimes you can get lost in the large volume of data.
If your looking for a robust SIEM solutions that can ingest data from multiple sources, and then visualize this data. The QRadar SIEM is perfect for you. It can also be enhanced with other modules which makes it and easier choice as well
Rahul Deshmukh | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I used IBM Security QRadar SIEM when it was integrated with IBM Watson. We had issues with the analytics of IoC and it was extremely difficult to identify attacks in our customer network. The challenge was to identify the threat actor and the actions they performed to attack our customers' data. Having evaluated IBM Security QRadar SIEM, we found it suitable for our customer environment and expectations.
  • Threat management
  • Dashboards
  • Reports are detailed
  • Mapping of compliance deviation can improve
  • Performance can be improved
  • UEBA can be more specific in anomaly detection
If you are looking for end-to-end visibility of what actions the threat actor performed, which vulnerability he used, or phishing he triggered, you will get to know and be able to plug the loopholes. If you want quick analysis and need results within 1 or 2 minutes then IBM Security QRadar SIEM is not for you.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use IBM QRadar as a main SIEM tool and we as a soc team completely depend on it. We do a primary investigation as per the building blocks and rules we organize. Whenever the alert triggers as per the rule we wrote. We go to a particular event and check the payload if we can find any suspicious things and proceed with further investigation.

  • Parsing
  • Payload
  • Integrations
  • User interface
  • Easy to operate
  • Loading speed
IBM QRadar as an SIEM tool is very good at parsing the Microsoft events when properly integrated and behaves well with the firewall events. This will be very useful in such scenarios, but, in some cases, the log sources will not parse properly that time it will be very difficult to troubleshoot.
August 10, 2023

Goes above and beyond

Score 9 out of 10
Vetted Review
Verified User
Incentivized
In my organization, IBM Security QRadar SIEM is used to manage data collected from logs. In addition, it is also used to monitor general network activity and to analyze and monitor the behaviors of the organization's users. This is a fairly large organization with a significant number of employees, so it is important to ensure that departments are kept abreast of trends in activity.
  • Collecting data from logs
  • Identifying threats
  • Rapid processing speed
  • Sometimes poor technical support
  • Search queries do not always go as planned
  • Asset management can seem somewhat disorganized at times
The IBM Security QRadar SIEM tool is a proper management tool that performs exactly as you would hope. If you and/or your organization are in need of a screening and management tool that will assist you in compiling data from organizational logs; detecting threats in what is close to real time; and analyzing the behavior of your users, this is the tool for you.
August 09, 2023

User friendly Qradar

Score 9 out of 10
Vetted Review
Verified User
Incentivized
I used it to onboard various devices. Extract the logs and parsing logs is very easy in Qradar. Creating use cases and creating dashboard is very user friendly. Rule management also support Mitre mapping which helps in fine tune security posture.
  • Use case creation is user freindly
  • Grouping of log source makes easy to segregate devices
  • Parsing is very easy to handle.
  • Alert management dashboard to find previous alerts
User friendly and as reliable solution qradar is best.
Mahmoud younis | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Our company are MSSP service provider, and most of our customers are integrated with our XDR ( SEIM & SOAR ) IBM Security QRadar SIEM resolved many issues with our customers, plus IBM Security QRadar SIEM has many add-ons and DSM for most endpoint and security controllers, and it's easy also to integrate it with threat intelligent platformswe have more than 300 Usecase for cloud .endpoind and firewalls
  • parsing
  • event correlation
  • Ease of searching and viewing payload and events
  • eps sizing
  • auto refresh on offenses page
  • develop use case manager add-one
IBM Security QRadar SIEM is commonly used in Security Operations Centers to provide security analysts with a centralized console for monitoring, investigating, and responding to security events, For organizations with relatively small and straightforward IT infrastructures, the deployment and maintenance of IBM Security QRadar SIEM might be overly complex and costly compared to simpler SIEM solutions
Score 10 out of 10
Vetted Review
Verified User
Incentivized
IBM QRadar is one of the best SIEM available. Year of experience, continous improvements and constant innovations makes this product one of the most stable and reliable Cybersecurity platforms in commerce. I use QRadar on a daily basis both on operational and administrative levels in order to address the cybersecurity issues in my company and other companies.
  • Event correlation
  • Rule Alerting and Response
  • Data parsing and normalization
  • Customizations
  • User interface
  • Cloud services integration
  • NDR Integration like QNI can improve a lot
IBM QRadar is well suited for medium/large companies that needs to monitor their IT infrastructure on a trasversal level. Given that a SIEM is fundamental for a good cybersecurity environment, IBM QRadar is the rocksteady answer to all the needs that an IT Operation or SOC team may ask. Both on premise or in cloud, all-in-one or distributed, QRadar is scalable for any kind of scenario. This is a cutting edge product that needs to be followed constantly so it can be less appropriate for companies that doesn't have the required workforce to keep the product healty and up to date.
August 04, 2023

Senior Analyst review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Security Use cases and rules to monitor our infrastructure, applications and network
  • Use case building and rules creation
  • Testing and investigation of logs
  • Log source management
  • GUI
  • Search speed
Is suited for creating monitoring and security rules. Is not so appropriate for handling larges volumes of data and the speed of searching
August 04, 2023

QRadar review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use cases monitored 24x7 from SOC Team about traffic and user abnormal behaviour, EDR monitor and Cloud.
  • Dashboard
  • Log source integration portfolios support
  • Application
  • Extension on the Marketplace IBM
  • Query
  • Pre-made Use Case
  • INterconnection beetween application and log sources
  • Query Speed UP
  • Intuitive correlation
  • Report improvement
A very good SIEM, needs to be undestood very well before to use it with it's full power.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I am using it in our day today operations and for security monitoring it is helping us to achive log monitoring and SOC alerts.
  • Security Monitoring
  • Log Collection
  • Compliance
  • Need to add more integrations
  • Should for more customization to exclude few details from the logs
It's less suited for environment where you have more out of scope integrations or where you are doing big data.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
The IBM QRadar provides quiet robust security incident and event manager. It's functionalities including CRE, tenant management is also very good and functional. The event collector and processor works exceptionally. Also, the X-force threat intel helps to detect and mitigate potential threats in a good manner. The interface is user friendly and allows analysts to analyse the alerts in more efficient manner. The UBA also works as per the expectations and allows to monitor insider threats very efficiently.But we expect more development with the integration of Qradar with various 3rd party tools for example EDR.As a MSSP sometimes it is necessary to put the client demands on front while deploying such powerful tools and integrating it with the 3rd party ones. In conclusion, IBM QRadar SIEM has become an indispensable part of our cybersecurity arsenal. Its sophisticated threat detection, user-friendly interface, and seamless integrations have significantly improved our security operations. We highly recommend IBM QRadar SIEM to any organization looking to enhance their cybersecurity posture and gain better control over their network security.,
  • Log Analysis
  • Log collection
  • Offense investigation
  • User behaviour detection
  • Integration with 3rd party tools including EDRs
  • Syslog integration with some of the latest network devices
  • Interface efficiency
As a MSSP for healthcare and banking sector we use the QRadar as a pilot project for investigating security events and incidents. But for in-house and small environment it's not much suitable as a whole.
Return to navigation