Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Good correlation
What do you like best about the product?
Good correlation and easy to use. Lot of OOTB rules with use cases.
What do you dislike about the product?
Web user interface usability could be better.
What problems is the product solving and how is that benefiting you?
Very good as SIEM.
Excellent and Powerful SOAR Platform
What do you like best about the product?
IBM Security Resilient is a very powerful platform because of the openness of Python and architecture of the product. Resilient makes it easy to develop custom integrations, on top of the 150+ they already have pre-built. The Community is helpful and growing each day. It's easy to get support for the product from the official IBM Support portal as well. Resilient is very configurable and can be used to do about anything in the SOAR realm. Great product overall, and I continue to see it getting better and being built up.
What do you dislike about the product?
Integrations are a bit lackluster in some cases, and often require tailoring to suit needs better.
Resilient is powerful, but this means that it requires time be dedicated to building it out, it's not a quick and easy job necessarily due to its current architecture.
What problems is the product solving and how is that benefiting you?
Major FTE productivity gains were realized with Resilient, saving analysts 20-30 minutes per hour of doing tedious or manual work.
Resilient also organizes incident response and makes it easier to report information to leadership.
Recommendations to others considering the product:
Great platform. I definitely recommend IBM Resilient, and especially if you have time and some Python programming resources to put into the product (hire an intern!).
The best SIEM Available
What do you like best about the product?
Great tuning capability, intelligence service allows to automatically generate offenses and the capability of adapting to any kind of infrastructure.
What do you dislike about the product?
Visually it is not the best; the web browser offers an intuitive GUI but some functions are not presented really well.
What problems is the product solving and how is that benefiting you?
Monitoring customers' infrastructure from deployment to full installation, also providing SOC service.
Resilient experience feedback
What do you like best about the product?
Process oriented! The product allows you to build and use dynamic workflows, which is very useful. Resilient is very powerful, from the user interface to the integration of functions in a BPMN-like view. The product integrates a privacy module (you have to pay for it) which is very helpful too for international companies and for the DPO.
What do you dislike about the product?
From the action / circuits part (function implementations) you have to download what you need and implement it on your own; you don't select it directly from the product. Maybe some improvement to do on reporting scheduling.
What problems is the product solving and how is that benefiting you?
Very useful for incident response, and most of all, to get orchestration and fast answers for the analyst with SI integrations. From the point of view of management (dashboard/report) and for the analyst, user. For DevSecOps the API is well documented.
Good security system
What do you like best about the product?
The security system we just started to use. It helps identify and prioritize many threats. The menu seems a bit complicated, but you can filter by yourself. All available in offenses.
What do you dislike about the product?
Everything looks nice now. We did not encounter any problems.
What problems is the product solving and how is that benefiting you?
To be aware of the advanced threats such as security of all devices in our corporate network, opening user account other than information outside of working hours, long-term usage of VPN.
Excellent tool for SIEM Technology
What do you like best about the product?
The ability to write complex rules with lot of ease. It helps correlate lot of log sources and can help write/define better rules which can help address complex rules. The features to add multiple apps from various vendors to better represent the dashboards and various lookup integrations. Incident Management and Automation for the script triggers and having them integrated with tools like IBM Resilient which helps managing the incident response process.
What do you dislike about the product?
There is nothing much to dislike in the system, however the Dashboard options and representation can be better. Pulse has some compensation however, we need to share those JSON files and all which is complex and not user friendly again.
Also the support for OT environment related log sources can be looked into as well. However, the dashboards and reports are the main concern points which we have seen with multiple customers.
Also multiple threat intel features can be recommended just like the IBM Resilient free threat intelligence options; instead of just keeping the TAXII/STIX feeds available, it would be great if you could recommend to the customer what to use and how to use them, based on the open feeds that are actively available in the open.
What problems is the product solving and how is that benefiting you?
Complex rule monitoring. Multiple Correlation rules. Automatic Trigger of Incident Response tickets. Better visibility to the network and event logs.
QRadar helping university IT department with the many threats that are bombarding it
What do you like best about the product?
I like QRadar's intuitiveness and ease of use. As a member of the IT department I use QRadar daily to look for anomalies and troubleshoot issues. QRadar helps all our staff from the systems and network teams to the security analysts.
What do you dislike about the product?
There are some search features that are disappointing. If I put a filter on a search, but make a mistake with it, I have to delete the filter and then add the proper one instead of just editing the one I made the mistake in.
What problems is the product solving and how is that benefiting you?
We have it daily for troubleshooting network issues. Looking for troublesome users, bots, malicious actors and much more. As a University we have to look at threats coming from the outside world, as well as troublesome students trying things out due to curiosity or unfortunately the occasional one who is being malicious.
Recommendations to others considering the product:
Don't expect it to be the tool that will save your day by just turning it on. It takes time to tune the product. It is a little bit of rinse and repeat. You tune QRadar and let it sit for a bit and then you find some offenses that aren't really offenses and you tune some more. Overall QRadar is exactly what you put into it. If you spend the time investigating issues and tuning rules you will get a clean set of offenses for you to investigate.
The most competent SIEM
What do you like best about the product?
All in one, integrations, scalability.
It is the most competent product on the market, with many things out of the box, and it is easy to build your own integrations.
What do you dislike about the product?
Pricing. The pricing by EPS and Flows can be very very expensive; it's hard for a small company to invest in this product.
What problems is the product solving and how is that benefiting you?
Normalizing by many different products
Most comprehensive and security focused SIEM
What do you like best about the product?
Most broad variety of features. Every feature is done with security monitoring focus.
What do you dislike about the product?
Some features could be more configurable.
What problems is the product solving and how is that benefiting you?
Improved SOC operations.
Pros and cons of QRadar
What do you like best about the product?
It has huge potential due to the way the underlying mechanism or engine has been conceived.
What do you dislike about the product?
Lack of control over QID and event categorisation. There is no way to safely delete some bloated inbuilt content.
What problems is the product solving and how is that benefiting you?
Monitoring of client infrastructures. One of the greatest benefits is the highly customisable aspect of QRadar.
Recommendations to others considering the product:
Check your building blocks and system settings!