IBM Security QRadar SIEM v7.4.3 (BYOL)
IBM Security | IBM Security QRadar SIEM v7.4.3 (BYOL) | Linux/Unix, Red Hat Enterprise Linux RHEL-7.7 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Security Analyst & Admin
What do you like best about the product?
QRadar is user-friendly and easy to use.
What do you dislike about the product?
Log retention period.
Restoration
Down-time activity
Version upgradation
What problems is the product solving and how is that benefiting you?
All functionality is easy to find.
Faster than other SIEM tool
Multi-Language
Threat intelligence website Plugins are available.
Dig-down of any data is easy (IP, Hostname, UserID)
New Watchlist, rule creation, Health checkups and data extraction are so smooth and easy.
Nontechnical candidates can learn quickly.
Recommendations to others considering the product:
Learn log analysis and admin tasks. It will be fun while using QRadar.
Loved the tool.
What do you like best about the product?
Very helpful for DFIR. Really helped in going in depth for analyzing the digital forensics part.
What do you dislike about the product?
Nothing as of now. Currently practicing it.
What problems is the product solving and how is that benefiting you?
Everything is benefiting me.
SIEM
What do you like best about the product?
SIEM product is the best and I am using it.
What do you dislike about the product?
DSM feature needs to be a bit tricky, can be improved.
What problems is the product solving and how is that benefiting you?
Security events and correlation engine.
A decent SIEM solution
What do you like best about the product?
*we use around 1500 EPS*
The SIEM offers an impressive parse logging ability.
What do you dislike about the product?
In general I think that the integrations offered by QRadar are not being kept up to date (Sometimes some integrations that I think are pretty standard just don't exist).
In addition, I think that the system itself demands tons of resources and can be quite expensive in terms of infrastructure.
What problems is the product solving and how is that benefiting you?
It helps us monitor applications and environments that do not have out-of-the-box alerts such as CSPs, server logging (syslog level).
QRadar
What do you like best about the product?
Single window into your network and risks of the assets.
What do you dislike about the product?
Legacy Ticketing system..but older one..
What problems is the product solving and how is that benefiting you?
Granular log and root cause analysis
Excellent
What do you like best about the product?
I love the integrations of log sources easy parsers
What do you dislike about the product?
Unnecessary plugins and bundles. Also work on robustness on long queries.
What problems is the product solving and how is that benefiting you?
It's basically giving us insights of intrusions catering mostly and very important insider threat, i.e. TOP RISK.
Recommendations to others considering the product:
My Advice is to must do POC IBM Qradar while evaluating different SIEM solutions
It is good experience working with IBM QRadar for the last 4 years
What do you like best about the product?
Choice of log collection from different protocols and narrow down the searches adding field like domain, log source type.
I like to work more on Redhat Linux.
What do you dislike about the product?
Sometimes delay in response from support when having issue with product.
Also no detailed note on the case how the issue got resolved.
What problems is the product solving and how is that benefiting you?
Data can be correlated with different data, can be parsed some custom fields of our own.
Also creating custom DSM when it is not supported.
IBM QRadar : The SIEM Solution
What do you like best about the product?
There are many log ingestion built-in connectors. This makes our task easier for ingestion of logs.
What do you dislike about the product?
The QRadar User Interface looks very complex and needs a lot of time to understand where some features are present.
What problems is the product solving and how is that benefiting you?
We use QRadar to ingest logs from various sources and based on rules offense gets triggered and passed into our SOAR platform where our SOC team resides.
Protect your networks with this intelligent platform - IBM Security Radar
What do you like best about the product?
Real-time monitoring: This tool provides you with the capability to scan your network in real-time. Incidents can be identified and captured based on live network traffic and by using IBM's intelligence service which is backing this tool, it sends out notifications which can help prevent malicious activities, before they even happen.
Simple Implementation: The deployment of this platform in your company's environment is very easy and on top of that it has a Cloud-based offering as well, which can easily be integrated with your company's network services and you need not worry about the platform's updates and maintenance activities as well.
Logs retention capacity: is huge. Years of logs can easily be stored within the tool for compliance purposes.
What do you dislike about the product?
The initial collection of logs can be slow with older versions of operating systems. This can be fixed by using better algorithms under the hood. For example: If integration happens with Windows XP or equivalent, the logs will be pulled in a lot longer time as compared to the latest versions of Windows.
What problems is the product solving and how is that benefiting you?
This tool is being used as a network security perimeter within our organisation. All the network traffic, to and fro from companies' assets is being monitored by dedicated teams via this tool.
SIEM QRadar and I have ever best experience with QRadar as compared to other SIEM.
What do you like best about the product?
IOC based hunting and fetching massive accurate logs from various devices. User interface was simple and easy to understand for newcomers. Reporting made more easy from QRadar.
What do you dislike about the product?
As per current era IBM should have to update its products because from starting onwards they have not highlighted any new functionality. Some forensics features they have removed.
What problems is the product solving and how is that benefiting you?
Working on Alerts which triggers on daily basis. Maintain all log sources data on priority. Easy to create daily, monthly dashboard from QRadar. Reduces some level of time to do IOC based hunting.
Recommendations to others considering the product:
Strong