Good Correlation Rule Capabilities with Legacy Dashboard.
July 18, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

Other

Modules Used

  • SIEM

Overall Satisfaction with IBM Security QRadar SIEM

Qradar is a leading SIEM solution, and we consult companies on installation, technical issues, correlation rules, etc. Most of the problems are about the legacy dashboard. Many companies want a Splunk-like view and usage, but at less than the Qradar price. Qradar is trying to improve this side, like the Users and log source management tabs, but it is relatively slow. However, the solution is mostly stable for working. Another issue is related to upgrades. When we upgrade the solution, many issues are solved, but many problems come along with it. Sometimes, finding the suitable version can be hard. Another issue is IBM support. It is better than many other products' support, but it is not enough. The escalation period is relatively long, and they can reject your escalation request. Finally, when you find some notification or error log about an issue, there is no solution for these issues in the troubleshooting guide.
  • Mostly stable.
  • Strong Threat Intelligence.
  • Correlation Rules.
  • Log collection and auto-parser.
  • Support
  • Documentation
  • The custom rule engine is successful.
  • Rule creation is very easy with predefined sentences.
  • Ease of use.
Actually, it can be successfully integrated with 3rd party solutions like VirusTotal or SOCRadar, but API integration is a bit hard to understand even though it has an API Guide.
Support is not bad. However, some situations make me a bit nervous. I take screenshots, collect logs and notifications, and upload them to the case. The analyst wants them again without any suggestion or question. I add a possible solution, but the guide says to do it with support; however, they don't get back to me, so I apply this solution myself, return to the case I opened, and it is solved. They say, "OK, good, I am closing the case then." In another case I could not reach the assigned analyst due to a power outage. That is so unprofessional. Despite all this, many cases are solved in an acceptable time period, and these are exceptions.
Correlation rule capabilities are very good. Maybe it is not the best, but its ROI is the best. In addition, it is IBM, and in my region Qradar is one of the best SIEM solutions, with good quality local and global support.

Do you think IBM Security QRadar SIEM delivers good value for the price?

Yes

Are you happy with IBM Security QRadar SIEM's feature set?

Yes

Did IBM Security QRadar SIEM live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of IBM Security QRadar SIEM go as expected?

Yes

Would you buy IBM Security QRadar SIEM again?

Yes

I added some logs and screenshots to the support portal, but the analyst wanted the same things again without any questions or suggestions. Also, the log parser can be time consuming. Like some of the other SIEM solutions, Qradar needs to improve itself. The Offenses page is very legacy, and the case process could be visualized. The annotation part must be graphical for better understanding.

IBM Security QRadar SIEM Feature Ratings

Correlation: 9
Integration with Identity and Access Management Tools: 8
Custom dashboards and workspaces: 6
Behavioral analytics and baselining: 8
Rules-based and algorithmic detection thresholds: 9
Reporting and compliance management: 8

Using IBM Security QRadar SIEM

20 - They are consultants and SOC analysts.
8 - We are a consulting company, and we are a partner of IBM. So, we have Qradar consultants.
  • We can install and make Qradar ready in one day.
  • Support capabilities are very high but a bit slow.
  • The dashboard is legacy, but Qradar works well.
  • Local partnership is better than other SIEM solutions, so it is more preferred.
  • ROI is very high.
  • IBM is hard to work with.
  • Dashboard renovation.
  • Automatic parser mechanism must be improved, like Elastic/Wazuh/Splunk...
  • Offense workflow must be more readable.

Evaluating IBM Security QRadar SIEM and Competitors

  • Scalability
  • Integration with Other Systems
  • Ease of Use
We know the product, and this is the solution that best meets our expectations. Maybe we can add a new solution for SMEs because of price.