Item: IBM Security QRadar SIEM
Rating: 8
Author: Marco Mondelli

Use Cases and Deployment Scope

Use cases monitored 24x7 from SOC Team about traffic and user abnormal behaviour, EDR monitor and Cloud.

Pros and Cons

Dashboard
Log source integration portfolios support
Application
Extension on the Marketplace IBM
Query
Pre-made Use Case
INterconnection beetween application and log sources

Query Speed UP
Intuitive correlation
Report improvement

Return on Investment

We are currently implemented Qradar in various enterprise company.
Quality alert if finely tuned for a 24x7 SOC
Still lack on hardware cost

RHEL Enterprise gives you the ability to move very quickly on the backend side, if you are an expert Linux user you will find the open source architecture very intuitive and usefull for issue fixing and so on.

Support Rating

Very good support, both from the Ireland expert guys and the teams from all around the world.

Alternatives Considered

Splunk Enterprise, Microsoft Sentinel and ArcSight Logger

It's in the middle of this chart, Splunk from my point of view it's still the best SIEM actually and Sentinel it's very easy to use.

Key Insights

Do you think IBM Security QRadar SIEM delivers good value for the price?

Yes

Are you happy with IBM Security QRadar SIEM's feature set?

Yes

Did IBM Security QRadar SIEM live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of IBM Security QRadar SIEM go as expected?

Yes

Would you buy IBM Security QRadar SIEM again?

Yes

Other Software Used

Splunk Enterprise, Palo Alto Networks Cortex XSOAR, CrowdStrike Falcon, Palo Alto Panorama

Likelihood to Recommend

A very good SIEM, needs to be undestood very well before to use it with it's full power.

QRadar review

Software Version

Modules Used

Overall Satisfaction with IBM Security QRadar SIEM