IBM Security QRadar SIEM v7.4.3 (BYOL)
IBM Security | IBM Security QRadar SIEM v7.4.3 (BYOL)
Linux/Unix, Red Hat Enterprise Linux RHEL-7.7 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Logs at one place
What do you like best about the product?
Tagging of logs is the best thing, I feel, in this app.
What do you dislike about the product?
When a huge bunch of logs is streaming, it becomes a little slow.
What problems is the product solving and how is that benefiting you?
Log forensic
Great tool for an enterprise network.
What do you like best about the product?
It can hold and parse a large amount of data and it is very quick.
What do you dislike about the product?
Sometimes parsing data is a little low, so maybe they have to improve on that.
What problems is the product solving and how is that benefiting you?
Well, I do troubleshoot on a daily basis with the issues we have. It's basically hard to explain as it's scenario-based.
Recommendations to others considering the product:
Nothing as such
IBM QRadar SIEM Solution Review
What do you like best about the product?
IBM Security QRadar is an excellent solution that provides wonderful centralized monitoring. It is very scalable, has rich functionality, and is very easy to integrate with other products required in running a Next-Generation Security Operations Center during rapidly emerging cyberspace.
It is a very valuable product for us and helps us in creating custom and dynamic use cases, conducting security incident investigations, performing digital forensics (especially network forensics), fulfilling internal and external audit requirements, and carrying out many security and risk assessment exercises.
What we like best about it is its out-of-the-box integrations with many products and its support for custom applications.
As far as its correlation engine is concerned, it's the best of all SIEM solutions that I have seen in the market and there is no match for it.
What do you dislike about the product?
The user interface is one of the essential components when it comes to any SIEM solution. The user interface needs some improvements for enhancing user experience. Maybe some HTML5-based additions will bring some good value addition.
Secondly, the reporting component becomes a bit confusing sometimes, and it's also not easy to do, so it definitely needs some improvements in the future.
What problems is the product solving and how is that benefiting you?
IBM Security is very valuable for us and its benefits include the following:
1. Centralized Monitoring and Security Operations
2. Custom Use Cases
3. Threat Hunting
4. User Profiling
5. Incident Analysis
6. Forensic Investigations
7. Audit Requirements
8. Data Retention
9. Risk Assessments
Recommendations to others considering the product:
QRadar is an excellent tool if you are looking for SIEM solutions and developing the Security Operations Center, especially in the currently emerging cybersecurity threats landscape. IBM provides excellent threat intelligence, out of the box integration with many products and integration with custom applications. The correlation engine is very robust and good. It will be a definite value addition in your organization if you choose it.
A good SIEM tool but lacking in some small features
What do you like best about the product?
Starting with the GUI, the GUI of QRadar is easier to work with as compared to other SIEM tools. QRadar is a very good tool when we consider scalability, customization, visibility, performance and support. We can implement advanced correlation rules as per our requirements. We can do analysis very fast and efficiently because of its structure and visibility. Various features like assigning, adding notes, hiding and prioritizing alerts are very helpful while working on QRadar. The correlation engine is also good and it is easier to deploy. Overall it's a good tool for security and threat monitoring.
What do you dislike about the product?
One thing which I don't like is that logs are appended in the alerts. If alerts are in an open state and new logs related to that alert are generated, then the logs are appended into that alert only. Generally it has to give a new alert for this. Because of this we can lose some important logs.
What problems is the product solving and how is that benefiting you?
Sometimes all alerts generated go into an inactive state, resulting in all the alerts being generated again like a flood, and it's very stressful. The other one is that the reporting feature is not that remarkable. They should give an advanced reporting feature.
Recommendations to others considering the product:
It's a good tool for a security operations center. It helps in all the tasks needed in a SOC. It's user-friendly; new people can adapt to it quickly.
Basic installing and configuring QRadar
What do you like best about the product?
Easy finding required logs, easy parsing logs
What do you dislike about the product?
huge usage of performance of server RAM, CPU and Disk
What problems is the product solving and how is that benefiting you?
Finding Domain Controller user logins
Recommendations to others considering the product:
Best tool for Everyday use
Good tool for SIEM testing
What do you like best about the product?
The UI - is user friendly and log debugging is so easy with QRadar
What do you dislike about the product?
Community is not available to help and not so much of documentation.
What problems is the product solving and how is that benefiting you?
We have used QRadar for cloud-integrated product testing including logs processing.
Very good platform for SOC
What do you like best about the product?
In general, large offering availability for add-ons from same company. More specifically, the NBAD features, QRM and Qflow.
What do you dislike about the product?
Support issues, especially competencies.
What problems is the product solving and how is that benefiting you?
Monitoring cybersecurity related events and collection from other sources.
Easy to use.
What do you like best about the product?
QRadar is good for a centralized alert system.
What do you dislike about the product?
The dashboard cannot be modified to fit the organization's needs.
What problems is the product solving and how is that benefiting you?
The automated ticket creation to ServiceNow is very helpful.
Recommendations to others considering the product:
QRadar is good for SIEM as a centralized alert system.
It's really a Real "Radar" from "IBM QRadar" - Powerful tool
What do you like best about the product?
Its architecture and user-friendly interface - like the dashboard, where we can have full control, admin control, and it is easy to create offense rules.
Automation and visualization seem to be awful. Moreover, it accurately detects the threats and prioritizes them across the organization or enterprise level.
We are using it in vulnerability scanning as well as a SIEM tool.
Mostly I recommend this tool as it is a great security management tool, and I do see you can gain most of the certifications from their websites and learnings, as well as great support forums online and blogs too.
This tool is mostly important across security systems in the enterprise, whether it may be identity and access management, network IPS, IDS, or database security tools. A good SIEM tool today has the ability to put in place an appropriate response to combat both internal and external threats over the traffic and maintain the right consistency of identity and session contexts across the layers, devices and endpoints, as anomaly detection becomes more important in the IT/cyber world.
What do you dislike about the product?
I don't see option for cross correlation.
Coming to the SIEM tool - it is missing chart-type visuals/diagrams for easy representation to the management.
I don't see much down side of it.
What problems is the product solving and how is that benefiting you?
We use it for security incident investigations, and moreover we can see all logs in a single place.
It will be up to date with their latest vulnerability patches as related to patch management.
Coming to the SIEM kind of tool, we can collect logs and events, parse the data, and analyze the data.
Moreover, we can pull data analytics and reports of top malicious visits or domains at the enterprise level.
It automatically creates the custom parsing for raw logs easily for us in the GUI.
Reports generated from the tool can be pulled directly for management.
With in-depth analysis it identifies suspicious traffic on the network or firewalls and creates custom use cases.
Recommendations to others considering the product:
We use it for security incident investigations, and moreover we can see all logs in a single place.
It will be up to date with their latest vulnerability patches as related to patch management.
Coming to the SIEM kind of tool, we can collect logs and events, parse the data, and analyze the data.
Moreover, we can pull data analytics and reports of top malicious visits or domains at the enterprise level.
It automatically creates the custom parsing for raw logs easily for us in the GUI.
Reports generated from the tool can be pulled directly for management.
With in-depth analysis it identifies suspicious traffic on the network or firewalls and creates custom use cases.
Automation and visualization seem to be awful. Moreover, it accurately detects the threats and prioritizes them across the organization or enterprise level.
We are using it in vulnerability scanning as well as a SIEM tool.
Mostly I recommend this tool as it is a great security management tool, and I do see you can gain most of the certifications from their websites and learnings, as well as great support forums online and blogs too.
Quality log analyse with IBM QRadar
What do you like best about the product?
Available extensions for Cloud Security and vulnerability Management
What do you dislike about the product?
I didn't face any issues with this solution yet, quick support is available for any errors or help
What problems is the product solving and how is that benefiting you?
Internal loopholes, vulnerability Management