Efficient in SOC
May 11, 2021
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with IBM QRadar
IBM QRadar is mainly used for security and network monitoring in our organization. IBM QRadar is mainly used by the SOC. It has multiple dashboards available which make day-to-day security monitoring easy and efficient. It also makes the process of investigation and data gathering fast, easy and reliable.
Pros
- QRadar is best used in large networks - one of the best features is you're able to do a query for a particular subnet range.
- AQL - advanced search queries are easy to understand. This allows you to perform specific searches that really speed up the investigation process.
- Graphical representation of the volume of events [at] a specific time in relation to an offense/alarm
Cons
- I think it would be better in the offense tab to have a right-click filter for the offense description. It's kind of time-consuming to edit the searches as it opens to another page.
- Highly efficient in SOC
- Capable of network monitoring and providing logs up to 90 days.
I previously used AlienVault OSSIM in my former job and I can really tell that QRadar is a much more powerful SIEM as compared to AlienVault OSSIM. In QRadar, you can perform advanced queries that make use of AQL. This makes my investigation a lot easier. One of the things I truly adore in QRadar is that you can perform queries to see all the events for an offense or multiple offenses. You can also see which of the events were seen on an offense in the Log Activity view. I think the only thing I liked in AlienVault is their UI; QRadar may need to up its game on that, but overall it is a really great SIEM solution.
Do you think IBM Security QRadar SIEM delivers good value for the price?
Not sure
Are you happy with IBM Security QRadar SIEM's feature set?
Yes
Did IBM Security QRadar SIEM live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of IBM Security QRadar SIEM go as expected?
I wasn't involved with the implementation phase
Would you buy IBM Security QRadar SIEM again?
Yes