IBM Security QRadar SIEM v7.4.3 (BYOL)
IBM Security | IBM Security QRadar SIEM v7.4.3 (BYOL) | Linux/Unix, Red Hat Enterprise Linux RHEL-7.7 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
QRadar's Strengths: Impact of Intuitive Interface and Easy Integration
What do you like best about the product?
One of QRadar's strengths is certainly the intuitive user interface, which can help less experienced users move more easily within SIEM pages. One other good thing is the scalability and easy integration with most of the products on the market, which is critical for correlating events from different log source types.
What do you dislike about the product?
The main problem encountered in 5 years of product is the technical support received from IBM in case of major problems. Working in cyber security, I believe that response times are a fundamental point, in a world where even a few minutes can make the difference.
What problems is the product solving and how is that benefiting you?
Working in a Cyber Security Operating Center with IBM QRadar SIEM, I can monitor a lot of different types of hosts on customer's infrastructure.
QRadar- an ideal SIEM solution
What do you like best about the product?
The features like advanced threat detection, user friendly UI, scalability, AI powered automation etc. are good offerings from QRadar. And I like these features.
What do you dislike about the product?
I found some difficulties in the initial setup, customization limitation, delayed response time when load is high. If the organization size is small, then cost to acquire QRadar license can be high which makes it inaccessible.
What problems is the product solving and how is that benefiting you?
IBM Security QRadar SIEM is solving log management, risk management, incident response, threat detection etc. And prevention is better than cure. It is good to remain alerted before threat agent could do any harm.
IBM Qradar review
What do you like best about the product?
It helps with deep packet inspection to identify threats as well as correlate the data for analysis and threat hunting.
What do you dislike about the product?
Cannot handle large data sets, requires an ELK for data injections, memory intensive which increases the chances of instability. The latest version doesn't have GPT kind of functions which help an administrator run a simple query to get output, as not everyone can learn the query language.
What problems is the product solving and how is that benefiting you?
QRadar helps provide a good SIEM function which strengthens our society team in deep packet analysis to identify threats and help mitigate via incident response.
Intuitive after prolonged use
What do you like best about the product?
It has several options and the API ends up being very interesting to use for those who understand the subject.
It ends up being easy to implement using the documentation presented.
What do you dislike about the product?
Several tabs are opened when viewing an event, something that was supposed to be simple ends up getting in the way.
What problems is the product solving and how is that benefiting you?
Making the environment we use safe
SIEM since the implementation and exploitation of the application
What do you like best about the product?
easy deployment and integration with your collectors
What do you dislike about the product?
When integrating equipment that is not natively registered, parsing is cumbersome.
What problems is the product solving and how is that benefiting you?
Critical equipment alerts and active monitoring, benefiting possible attacks or vulnerabilities to the monitored systems
Qradar - A Complete SIEM Platform
What do you like best about the product?
QRadar is an easy to handle tool. QRadar provides a good log or flow search experience. It is easy to handle the offenses as correlation works great and we are able to see any previous offense from the same attacker.
What do you dislike about the product?
There is only one thing which I dislike about QRadar: its dashboard experience. QRadar has a very old-fashioned dashboard. They added Pulse for better dashboards but they discontinued it.
What problems is the product solving and how is that benefiting you?
Qradar is a complete SIEM tool platform which provides great correlation of the events so that we can get concrete offenses rather than false positives. Multiple search filters allow us to get data more accurately and precisely. Using its UEBA we can generate offenses related to user or behaviour anomalies.
Best SIEM tool I've worked with for complex environments
What do you like best about the product?
- AQL language has the same syntax as SQL, making it easy and fast to create fine-grained searches;
- AQL also makes it easy to create Dashboards, really helpful to our clients;
- Rule creation is easy enough to understand and implement;
- Integration with IBM X-Force is fundamental to our operation;
- New UI's visual builder makes it super easy to search for events and flows;
- Easy to set up multiple domains for everyday use in multiple environments;
- IBM's employees provide great support;
What do you dislike about the product?
- New UI (QRadar UI (v2.32.0)) has fewer features than the old one, we can't search for offenses as easily: we can't search for offenses that started on a specific date, only predefined time ranges (hour, 12h, 7d, 30d etc);
- Pulse only allows to edit a dashboard if you're the one who created it. All admins should be allowed to edit them;
- We can't create notes on an offense from the new UI, notes are really helpful;
- Report building is terrible, clumsy and slow, and not a lot of customization;
What problems is the product solving and how is that benefiting you?
QRadar was our SIEM choice for its leading position in the industry, it's easy to set up new Log Sources and its documentation is a great resource, although sometimes difficult to find (like API and AQL docs). We're using it to sell our SOC as a Service solution and all clients are satisfied with the tool.
Qradar Working experience in corporate
What do you like best about the product?
Dashboard and layout for understanding for any non-tech user.
What do you dislike about the product?
No same time when the networking traffic is increased, that time this tool is not working properly.
What problems is the product solving and how is that benefiting you?
When we are identifying our cloud networking and security, that time QRadar is helping in our organization for increasing our detection.
A must have SIEM tool - IBM Qradar
What do you like best about the product?
QRadar acts as a one stop solution to manage, correlate and investigate all the network, application events. The product makes it easy to remediate threats while maintaining the bottom line. IBM QRadar offers vast insights into all the activities happening across our network. The tool also enables to identify the abnormalities in the user behaviour analytics. The ease of implementation and integration with other platforms is a feather in one's cap for QRadar.
What do you dislike about the product?
As an ardent customer of IBM QRadar for the past five years, there is nothing to dislike about the product.
What problems is the product solving and how is that benefiting you?
The tool enables our organization to be more efficient in identifying the abnormalities and act upon it beforehand. IBM QRadar SIEM acts as a one place stop solution for our Security Operations team for everything right from monitoring to acting upon the offense.
perfect harmony
What do you like best about the product?
simple and professional.
its range is wide enough for all teams.
What do you dislike about the product?
almost perfect,
there is no problem. WinCollect operation is sometimes a problem
What problems is the product solving and how is that benefiting you?
logs on servers and active network devices,
accurate events with advanced integrations.