IBM Security QRadar SIEM Review
September 11, 2024

Anonymous | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User

Software Version

QRadar Advisor with Watson (legacy branding)

Overall Satisfaction with IBM Security QRadar SIEM

We use IBM Security QRadar SIEM as a SIEM in a few of our internal customer environments. This helps us provide security monitoring to those environments once we onboard the relevant logs. In each environment we onboard 20+ different hosts and log types and write detections for threat cases that we've identified.

Pros

  • Easy to onboard generic sources
  • Easy to normalize generic sources
  • Easy to write basic detections
  • Maintenance and updates are user friendly

Cons

  • The UI is not pleasant to look at and can be a pain to navigate
  • It's hard to write DSMs for custom log sources
  • Complicated detections (RBA alerting and chaining detections together)
  • Money saved compared to other SIEMs
  • Reduced manual work on onboarding generic log sources
  • Easy integration with other tools
IBM Security QRadar SIEM integrates out of the box with every large-scale, well-known vendor tool that I've run into. This makes it easy to ingest new log sources and normalize them automatically, but it can be harder to write the DSM yourself if it's a custom source or from an obscure vendor.
We have often received quick responses from support and an opportunity to give suggestions for future releases, but to my knowledge most of our suggestions haven't been incorporated, and some of our support requests related to RBA problems tend to go on for a long time without being resolved effectively.
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well-known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively, and if I had to write a custom add-on for custom data, I found it easier to do so in Splunk.

Do you think IBM Security QRadar SIEM delivers good value for the price?

Yes

Are you happy with IBM Security QRadar SIEM's feature set?

No

Did IBM Security QRadar SIEM live up to sales and marketing promises?

No

Did implementation of IBM Security QRadar SIEM go as expected?

Yes

Would you buy IBM Security QRadar SIEM again?

No

Splunk Enterprise Security (ES), ExtraHop Reveal(x)
I would only recommend IBM Security QRadar SIEM in a few situations. For one, it's very easy to set up and use if all your log sources are generic from known vendors. It's also significantly cheaper than Splunk, which is nice if you're trying to save money or be more efficient. I would not recommend IBM Security QRadar SIEM for environments with a lot of custom logs and complicated detection requirements.

IBM Security QRadar SIEM Feature Ratings

  • Correlation: 6
  • Integration with Identity and Access Management Tools: 10
  • Custom dashboards and workspaces: 6
  • Behavioral analytics and baselining: 6
  • Rules-based and algorithmic detection thresholds: 6
  • Reporting and compliance management: 6
