Must have SIEM for SOC
July 01, 2021

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with IBM QRadar

It helps me eliminate and reduce manual workload for my team by detecting threats and prioritizing them for further investigation. Integration with quite a lot of other tools, software, and portals. Integration with X-Force Threat Intelligence as well; we can integrate plugins from the App Exchange platform too.
A complete tool that includes the Zero Trust cybersecurity model, in addition to being integrated with many products on the market, as well as its easy handling and the components that can be incorporated. This tool has a high level of analysis of the offenses with the use of X-Force and Watson; also, the generation of the graphical relationships of these offenses is very structured and allows a greater vision of each event.
  • includes the Zero Trust cybersecurity model
  • high level of analysis of the offenses with the use of X-Force and Watson
  • eliminate and reduce manual workload for my team
  • QRadar SIEM faces issues while integrating third-party threat tools
  • Devices automatically unsync from the QRadar server, even when there is no network issue
  • Lack of dashboard functionality, unlike Kibana

Do you think IBM Security QRadar SIEM delivers good value for the price?

Yes

Are you happy with IBM Security QRadar SIEM's feature set?

Yes

Did IBM Security QRadar SIEM live up to sales and marketing promises?

Yes

Did implementation of IBM Security QRadar SIEM go as expected?

Yes

Would you buy IBM Security QRadar SIEM again?

Yes

The most powerful tab of QRadar is the one for making custom rules, where you can configure alerts for SOC analysts to identify threats or any policy violations within your environment. But its log parsing engine still needs some maturity to parse raw events received from different log sources. Most of the time you need to manually write regex to extract the desired data.
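For readers who have not done this work, the following is an added example (not the reviewer's code and not IBM's QRadar engine or API) of what the two pieces the reviewer describes look like in practice: hand-written regex extractors that pull named fields out of raw events from two different log sources, and a simple threshold rule, of the kind a custom rule expresses, that raises an offense when the same source IP generates several authentication failures inside a short window. The log lines, field names, threshold and window are all constructed assumptions for illustration; the rule and normalization logic are written from scratch in Python so it runs offline.

```python
"""Added example: regex-based field extraction plus a threshold rule over
constructed log lines. Not QRadar code; field names and values are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw events shaped like syslog from an SSH daemon and a firewall.
RAW_EVENTS = [
    "Jun 30 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Jun 30 10:00:03 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "Jun 30 10:00:05 bastion sshd[2108]: Failed password for root from 203.0.113.7 port 51041 ssh2",
    "Jun 30 10:00:09 bastion sshd[2111]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2",
    "Jun 30 10:00:12 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=44231 DPT=22",
    "Jun 30 10:07:30 bastion sshd[2130]: Failed password for root from 203.0.113.7 port 51100 ssh2",
]

# One extractor per log source type; every named group becomes a property.
SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<action>DROP|ACCEPT) "
    r".*?SRC=(?P<src_ip>\S+) DST=(?P<dst_ip>\S+) .*?DPT=(?P<dst_port>\d+)"
)


def parse_event(raw, year=2021):
    """Normalize one raw line into common field names; None if no extractor matches.
    Syslog lines carry no year, so the year is an assumed parameter."""
    for regex, source in ((SSH_RE, "ssh"), (FW_RE, "firewall")):
        m = regex.match(raw)
        if not m:
            continue
        f = m.groupdict()
        event = {
            "ts": datetime.strptime(f"{year} {f['ts']}", "%Y %b %d %H:%M:%S"),
            "host": f["host"],
            "source": source,
            "src_ip": f["src_ip"],
        }
        if source == "ssh":
            event["user"] = f["user"]
            event["category"] = "auth_failure" if f["outcome"].startswith("Failed") else "auth_success"
        else:
            event["dst_ip"] = f["dst_ip"]
            event["dst_port"] = int(f["dst_port"])
            event["category"] = "fw_drop" if f["action"] == "DROP" else "fw_accept"
        return event
    return None


def failed_login_offenses(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: fire when `threshold` auth failures from one source IP fall inside `window`.
    Returns a list of (src_ip, count, first_failure_ts). After firing, the IP's
    window is reset so one burst yields one offense rather than one per event."""
    recent = defaultdict(list)
    offenses = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] != "auth_failure":
            continue
        bucket = recent[ev["src_ip"]]
        bucket.append(ev["ts"])
        while bucket and ev["ts"] - bucket[0] > window:  # age out old failures
            bucket.pop(0)
        if len(bucket) >= threshold:
            offenses.append((ev["src_ip"], len(bucket), bucket[0]))
            bucket.clear()
    return offenses


def run(raw_lines):
    """Parse every line, keep the unparsed ones for coverage review, apply the rule."""
    events, unparsed = [], []
    for line in raw_lines:
        ev = parse_event(line)
        (events if ev else unparsed).append(ev or line)
    return events, unparsed, failed_login_offenses(events)


if __name__ == "__main__":
    evs, leftovers, offs = run(RAW_EVENTS + ["Jun 30 10:00:20 app01 myapp: custom format"])
    print(f"parsed {len(evs)} events, {len(leftovers)} unparsed")
    for src, count, first in offs:
        print(f"OFFENSE: {count} failed logins from {src} starting {first}")
```

The `unparsed` list is the part worth watching in a real deployment: any line no extractor matches carries no properties, so a rule keyed on `src_ip` or `user` silently never sees it. Reviewing that list after onboarding a new log source is how you find out whether the regex you wrote actually covers the vendor's message variants.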


IBM Security QRadar SIEM Feature Ratings

Centralized event and log data collection: 9
Correlation: 9
Event and log normalization/management: 9
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 8
Custom dashboards and workspaces: 8
Host and network-based intrusion detection: 9
Log retention: 9
Data integration/API management: 9
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 9
Response orchestration and automation: 9
Reporting and compliance management: 9
Incident indexing/searching: 9