IBM Security QRadar SIEM Review
September 11, 2024

Score 5 out of 10
Vetted Review
Verified User
Software Version
QRadar Advisor with Watson (legacy branding)
Overall Satisfaction with IBM Security QRadar SIEM
We use IBM Security QRadar SIEM as a SIEM in a few of our internal customer environments. This helps us provide security monitoring to those environments once we onboard the relevant logs. In each environment we onboard 20+ different hosts and log types and write detections for threat cases that we've identified.
Pros
- Easy to onboard generic sources
- Easy to normalize generic sources
- Easy to write basic detections
- Maintenance and updates are user friendly
Cons
- The UI is not pleasant to look at and can be a pain to navigate
- It's hard to write DSMs for custom log sources
- Complicated detections (RBA alerting and chaining detections together)
- Money saved compared to other SIEMs
- Reduced manual work on onboarding generic log sources
- Easy integration with other tools
- Splunk Enterprise Security (ES) and Splunk Enterprise
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well-known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively, and if I had to write a custom add-on for custom data, I found it easier to do so in Splunk.
Do you think IBM Security QRadar SIEM delivers good value for the price?
Yes
Are you happy with IBM Security QRadar SIEM's feature set?
No
Did IBM Security QRadar SIEM live up to sales and marketing promises?
No
Did implementation of IBM Security QRadar SIEM go as expected?
Yes
Would you buy IBM Security QRadar SIEM again?
No

