Simple, flexible architecture. Easy deployment. Out of the box rules, offenses and reports
April 10, 2019


Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with IBM QRadar

We have used IBM QRadar for more than 8 years. We collect and correlate events from Microsoft servers, SQL, Oracle, Fortigate, Cisco ASA, Active Directory, Linux, Apache and many other custom services. The out-of-the-box rules, offences and reports have made the SOC's life easier and more comfortable. The DSM Editor is simple and works with simple regex. Now we also integrate IBM's Vulnerability Manager and Risk Manager into QRadar. This integration helps us see the problems in the IT infrastructure and resolve them fast. It's the solution for businesses that want rapid deployment and instant log visibility to meet security and compliance requirements.
  • Log Sources - QRadar has a lot of built-in log source types, more than 400. If you can't find THE source, you can create your own log source with DSM Editor.
  • DSM Editor - This tool is great and can help you if you have your own services and want to parse the events the way you want.
  • Integration with Vulnerability Manager and Risk Manager - Installation is easy and intuitive
  • Built-in Rules, Offences and Reports - for new users it's a great opportunity to learn how QRadar works and how to create new rules and offences.
  • Update procedure between versions: sometimes after an update something doesn't work and you need to contact support or work from the command line
  • SELinux is disabled by default
  • Metric events can't be disabled
  • Increase Security
  • Compliance with standards
  • Built-in all-in-one solution
User-friendly interface, easy to install and implement. Lots of log source types (more than 400) and a DSM Editor with standard regexp. The demo version, IBM QRadar CE, helps you practice and learn how it works and lets you test scripts before applying them on the deployment infrastructure.
IBM QRadar is perfect if you have a Security Operations Center; it's also a great solution for keeping logs' integrity and safety. User behavior helps to identify some anomalies. Parsing, rules, offences and reports for Active Directory logs are very deep and granular. On the other hand, Network Activity disappointed me a little, and the dashboard is kind of poor compared to other solutions.
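The review credits the DSM Editor's regex-based custom properties and the built-in rules and offences for most of the SOC's day-to-day value. As an added illustration of that workflow (example code written for this page, not QRadar's or IBM's own code), the block below parses a few constructed log lines from a hypothetical custom service with one regex per property, the way a DSM Editor property would, then runs a toy correlation rule over the extracted fields. The log format, the property names, the threshold and the choice to key on source IP are all assumptions.

```python
import re

# Constructed sample events from a hypothetical custom service ("myapp");
# the format is assumed for illustration and is not real QRadar or IBM output.
SAMPLE_EVENTS = [
    "2019-04-10T08:15:22Z myapp[1234]: LOGIN_OK user=alice src=10.0.0.5",
    "2019-04-10T08:15:30Z myapp[1234]: LOGIN_FAIL user=bob src=203.0.113.7 reason=bad_password",
    "2019-04-10T08:15:41Z myapp[1234]: LOGIN_FAIL user=bob src=203.0.113.7 reason=bad_password",
    "2019-04-10T08:15:55Z myapp[1234]: LOGIN_FAIL user=root src=203.0.113.7 reason=bad_password",
    "2019-04-10T08:16:01Z myapp[1234]: LOGIN_FAIL user=carol src=10.0.0.9 reason=bad_password",
    "2019-04-10T08:16:07Z myapp[1234]: heartbeat",
]

# Each entry mirrors one custom property as a DSM Editor would define it:
# a property name and a regex whose first capture group is the extracted value.
PROPERTY_PATTERNS = {
    "event_id": re.compile(r"myapp\[\d+\]: (LOGIN_OK|LOGIN_FAIL)\b"),
    "username": re.compile(r"\buser=(\S+)"),
    "source_ip": re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b"),
}


def parse_event(line):
    """Apply every property regex to one raw line; return only the properties that matched."""
    fields = {}
    for name, pattern in PROPERTY_PATTERNS.items():
        match = pattern.search(line)
        if match:
            fields[name] = match.group(1)
    return fields


def unparsed_events(lines):
    """Lines that yield no event_id: the analogue of events a SIEM stores without parsing.

    Worth tracking, because a rule can only fire on fields that were actually extracted."""
    return [line for line in lines if "event_id" not in parse_event(line)]


def failed_login_offenses(lines, threshold=3):
    """Toy analogue of a correlation rule: sources with at least `threshold` LOGIN_FAIL events.

    The threshold and keying on source_ip are assumptions made for this example."""
    counts = {}
    for fields in map(parse_event, lines):
        if fields.get("event_id") == "LOGIN_FAIL" and "source_ip" in fields:
            counts[fields["source_ip"]] = counts.get(fields["source_ip"], 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(parse_event(line))
    print("unparsed:", unparsed_events(SAMPLE_EVENTS))
    print("offenses:", failed_login_offenses(SAMPLE_EVENTS))
```

The heartbeat line deliberately matches no property, which is the case to watch for in practice: an event that parses to nothing is invisible to every rule, so a count of unparsed events per log source is a cheap check that a custom DSM is still keeping up with the service's log format.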

IBM Security QRadar SIEM Feature Ratings

Centralized event and log data collection: 10
Correlation: 10
Event and log normalization/management: 10
Deployment flexibility: 10
Integration with Identity and Access Management Tools: 10
Custom dashboards and workspaces: 9
Host and network-based intrusion detection: 10