QRadar SOAR - good as IMS terrible as SOAR.
January 05, 2024
QRadar SOAR - good as IMS terrible as SOAR.
Score 4 out of 10
Vetted Review
Verified User
Overall Satisfaction with IBM Security QRadar SOAR
QRadar SOAR is mainly used for incident response and rapid threat detection. When an alert is triggered by any of our security systems, the data is integrated and aggregated and then sent to Qradar SOAR. It then initiates predefined actions, such as notifying our security team of the threat. Unfortunately, the automation mechanisms lack maturity and are not stable. Therefore, the solution is only suitable for collaboration and security event management.
- Manual Incident Management.
- Security mechanisms are at a high level.
- Interface clarity.
- You still have to generate reports manually. Reports are very limited and practically not useful.
- The solution should not be SOAR class. Automations usually don't work. It's apparent that it's not designed for that.
- Lack of flexibility.
- Practically no support. The reported integration problems have not been resolved.
- Like any IMS, it accelerates the handling of security events.
- It is friendly to the new user. It speeds up the implementation of the platform.
- The core component (Resilient) is easy to maintain and configure. Apphost, which is the add-on responsible for integration, in my opinion is not stable and is a nightmare for any administrator.
Do you think IBM Security QRadar SOAR delivers good value for the price?
Yes
Are you happy with IBM Security QRadar SOAR's feature set?
Yes
Did IBM Security QRadar SOAR live up to sales and marketing promises?
No
Did implementation of IBM Security QRadar SOAR go as expected?
No
Would you buy IBM Security QRadar SOAR again?
No