Get to the head of the Q
Overall Satisfaction with IBM QRadar
QRadar is being used for incident detection and escalation, as well as reporting of metrics of interest on top of some KPIs for response times.
- Correlation
- Ease of use for data
- Customization for custom applications
- Reporting configuration is still too convoluted
- Coalescing is too tied down. I recommend an ability to adjust, with an appropriate limit, the fields used: in general, by log source type, and/or by log source.
- Immediate perceived ROI by leadership using reporting data.
- Splunk Enterprise, LogRhythm, ArcSight Enterprise Security Manager (formerly HP ArcSight), RSA NetWitness Logs & Packets, and Sumo Logic
It was on the easier side for use and can be stable.