Overall Satisfaction with IBM QRadar
I had the privilege to install and deploy QRadar for my customers, to respond to many problems like managing logs and detecting advanced attacks on the platform. In many cases, people can't see human behaviors. With QRadar UBA, they can finally profile and use UBA capabilities to anticipate and respond to attacks. QRadar has a greater ability to integrate with many other solutions, with more than 200 apps developed, and this helps to harmonize customer fabric security.
- Rich functionality.
- Analyze Flows.
- UBAI Analyses capability.
- Integrations with SOAR and other SIEM platforms.
- It's a good product. I can do all security investigations within one single point.
- A very rich product with many useful cases and apps added.
There is a full integration between QRadar and Resilient. This two-way integration helps investigators to enhance and use the strongest version of QRadar, more so than the use of X-Force and other threat sources to investigate and get the IOC feeds. There are many applications to use and integrations with many threat sources. To put it simply, I like to use QRadar!
I've had many issues with QRadar, and the support would hear and respond to my questions all the time (more so than in the case of IBM Resilient support). They were very quick to respond, were helpful, and provided remote access.
Do you think IBM QRadar delivers good value for the price?
Are you happy with IBM QRadar's feature set?
Did IBM QRadar live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of IBM QRadar go as expected?
Would you buy IBM QRadar again?
Some use cases for QRadar include:
- Detect advanced attacks with upgraded functionality systems when activating systems and auditing advanced logs on owers server to detect hidden infections.
- Detecting and monitoring the behavior of Active Directory users to know the possibility of malicious infection.
- Analysing third-party applications, and writing parsers quickly.
- Investigate threats and write new rules for detecting new and correlated unknown attacks.