Sold by: IBM Security
Deployed on AWS
The threat detection and response suite built to help your security teams outsmart threats with speed, accuracy and efficiency. IBM Security QRadar SIEM (Classic) and QRadar SOAR are customer deployed software.
4
Overview
Threats are increasing in volume and sophistication at a staggering pace. Real-time monitoring and visibility are required to detect threats like ransomware, insider threats, and cloud attacks before they cause disruption.
IBM Security® QRadar® Suite is a modernized threat detection and response solution designed to unify the security analyst experience and accelerate their speed across the full incident lifecycle. The portfolio is embedded with enterprise-grade AI and automation to dramatically increase analyst productivity, helping resource-strained security teams work more effectively across core technologies.
IBM Security QRadar SIEM (Classic): Market-leading Security Information and Event Management (SIEM) solution enables you to run your business in the cloud and on premises with visibility and security analytics built to rapidly investigate and prioritize critical threats.
IBM Security QRadar SOAR: Recent winner of a Red Dot Design Award for interface and user experience, QRadar SOAR helps organizations automate and orchestrate incident response workflows and ensure their specific processes are followed in a consistent, optimized and measurable way.
For more information, visit https://www.ibm.com/qradar
For customized QRadar SIEM (Classic) / QRadar SOAR pricing or if you are interested in additional product capabilities such as Threat Intelligence, Data Explorer, or EDR - contact your IBM Sales Representative or email us at SecurityOrdersAWS@wwpdl.vnet.ibm.com .
Highlights
- Find the right size for your solution and estimate your IBM QRadar SIEM (Classic Software) price: https://www.ibm.com/qradar/security-qradar-siem/pricing?mpid=aws
- Gain centralized visibility across AWS and hybrid cloud environments via a single pane of glass. Leverage deep integrations with AWS security services including AWS Security Hub, CloudTrail, GuardDuty, Network Firewall, WAF, Amazon Detective, CloudWatch, VPC Flow Logs and more.
- Correlate data across users, networks, and AWS native services to gain deep insights into key threats including cloud misconfigurations, policy changes and suspicious user activity. Connect related events to ensure teams only receive a single alert for an incident.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
QRadar SIEM | 500 Events Per Second, 10000 Flows Per Minute | $12,074.40 |
QRadar SOAR | 2 Authorized Users | $22,704.00 |
Vendor refund policy
All orders are non-cancellable and all fees and other amounts that you pay are non-refundable. If you have purchased a multi-year subscription, you agree to pay the annual fees due for each year of the multi-year subscription term.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
For Sales Inquiries Contact: SecurityOrdersAWS@wwpdl.vnet.ibm.com To contact IBM Security QRadar Suite Software support:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By IBM Security
By Rapid7
By Panther
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Threat Detection and Analytics
Advanced security information and event management (SIEM) solution with real-time monitoring and threat detection capabilities
Cloud Security Integration
Deep integration with AWS security services including Security Hub, CloudTrail, GuardDuty, Network Firewall, and VPC Flow Logs
Incident Response Automation
Enterprise-grade AI and automation to orchestrate and streamline incident response workflows across security technologies
Event Correlation
Ability to correlate data across users, networks, and cloud services to provide comprehensive threat insights and minimize alert fatigue
Multi-Environment Monitoring
Unified security analytics platform supporting monitoring and visibility across cloud and on-premises infrastructure
Log Aggregation and Monitoring
Monitors entire IT environment by ingesting logs from CloudTrail, GuardDuty, EC2 network traffic, multiple AWS accounts, cloud services, on-premises networks, and remote endpoints
Threat Detection Analytics
Utilizes user and attacker behavior analytics with 900+ out-of-the-box detections and community threat intelligence to minimize false alarms
Compliance Monitoring
Supports log, event, and File Integrity Monitoring (FIM) requirements for compliance frameworks like PCI, HIPAA, and GDPR
Advanced Defense Mechanisms
Implements layered security defenses through honeypots, honey credentials, and honey files to detect potential intrusions
Investigation Capabilities
Provides detailed log timelines and automated response workflows to cut investigation times and enable rapid incident response
Log Analysis
Real-time security log processing and analysis of terabytes of raw logs per day using cloud-native architecture
Detection Methodology
Detection-as-code implementation using Python programming language for threat detection rules
Cloud Log Integration
Native integrations with AWS log sources including S3, CloudTrail, and VPC Flow Logs
Security Data Lake
Transforms raw log data into structured security data lake for comprehensive threat investigation and incident response
Scalable Architecture
Highly scalable data lake infrastructure designed for processing and querying large volumes of security logs efficiently
Standard contract
No
No
No
Customer reviews
reviewer2795490
Automation has reduced phishing response effort but interface and dashboards still need improvements
Reviewed on Jan 08, 2026
Review provided by PeerSpot
What is our primary use case?
IBM Security QRadar is primarily used for orchestration, automation, and incident response in my environment.
I use IBM Security QRadar for automation and incident response through a phishing mail playbook, where an employee sends a malicious phishing email to the SOAR inbox, and SOAR automatically generates an incident based on that email. After the incident is generated, we have created an advanced playbook that analyzes and scans the incident artifacts, extracting malicious elements in the notes. Following the identification of malicious content, another playbook sends an email notification about the findings and integrates with firewalls to automatically block the IOCs identified in the email. This is one of several playbooks we have developed.
Regarding my main use case for IBM Security QRadar, I have used most of IBM Security QRadar by integrating it with IBM Security QRadar SIEM , consolidating many IBM Security QRadar SIEM alerts in IBM Security QRadar SOAR. We have created incident types for each IBM Security QRadar alert and handle each incident carefully in IBM Security QRadar SOAR, automating incidents at an advanced level, including the use of a custom SOAR SDK to develop a custom SOAR application to meet client requirements. We have leveraged the potential of IBM Security QRadar SOAR.
What is most valuable?
The best features of IBM Security QRadar, in my experience, include multiple application integrations available through the IBM App Exchange, and I particularly appreciate the Playbook Designer feature, which allows me to design playbooks on a canvas, making it user-friendly and efficient.
The Playbook Designer in IBM Security QRadar has specifically helped my workflow by allowing the creation of advanced SOAR playbooks, with many sub-playbooks integrated into the main playbook itself. This feature enables me to create great workflows using functions, scripts, and rules tailored to client requirements, and the integration of applications enhances the feasibility of using Playbook Designer while allowing me to expand playbooks as necessary.
IBM Security QRadar has positively impacted my organization by enabling me to mitigate many incidents and reduce manual tasks by up to 40%. I have noticed a decrease in incident response time and a significant reduction in the number of manual tasks performed, leading to more efficient overall operations.
What needs improvement?
IBM Security QRadar needs to be more user-friendly; the current build is based on basic code and could benefit from updates. Making IBM Security QRadar's interface more intuitive, similar to that of Splunk, would enhance usability. Additionally, improving the installation and deployment processes to minimize setup time compared to other SIEM and SOAR tools is necessary.
I gave IBM Security QRadar a score of six or seven out of ten because it has a very basic interface; the dashboards require extension management for better usability. There should be an effort to build more effective dashboards within IBM Security QRadar itself without relying on additional applications. Additionally, maintaining good compatibility with IBM App Exchange applications is crucial, as IBM Security QRadar SIEM is an older product that would benefit from code updates.
For how long have I used the solution?
I have been using IBM Security QRadar for more than two years.
What other advice do I have?
For others looking into using IBM Security QRadar, my advice is to first learn IBM Security QRadar SOAR. Training is essential, but IBM Security QRadar SOAR is not overly complicated, and the documentation from IBM's portal is quite good. By learning IBM Security QRadar SOAR first, users can operate it more efficiently and leverage its versatile features, including rules, workflows, and various custom properties. I would rate IBM Security QRadar a score of six out of ten.
Mohamed Fouad
Security monitoring has improved and helps us detect threats faster while building our SOC
Reviewed on Dec 22, 2025
Review from a verified AWS customer
What is our primary use case?
My main use case for IBM Security QRadar is implementing it as a SIEM solution to collect logs and correlate events so we can have offenses inside our organization.
Acting as a SIEM solution, IBM Security QRadar helps us deep dive into what happened in our network by collecting network flows and network events, and correlating events to generate incidents or offenses so we can stop attacks.
What is most valuable?
The best features IBM Security QRadar offers include its stability.
What makes IBM Security QRadar's stability stand out for me is that I am currently using FortiSIEM , but implementing IBM Security QRadar is a more advanced and more stable product, making it reliable for me to use.
IBM Security QRadar helps my organization correlate events and gain insight into our network traffic and security events.
Since using IBM Security QRadar, it has helped reduce security risks as we have a risk manager module, which is really helpful for us, and the response to an incident is very quick, so we have reduced the mean time to detect attacks.
What needs improvement?
I think the support for IBM Security QRadar needs improvement as it is a big product and needs more support engineers to help customers.
The time to support and providing more engineers for support are the needed improvements.
For how long have I used the solution?
I have been working in my current field for about ten years.
What do I think about the stability of the solution?
IBM Security QRadar is stable.
What do I think about the scalability of the solution?
IBM Security QRadar's scalability is great.
How are customer service and support?
The customer support for IBM Security QRadar needs improvement.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
What was our ROI?
I have seen a return on investment in terms of time saved and money saved as we stopped attacks, which also means fewer employees are needed.
What's my experience with pricing, setup cost, and licensing?
Regarding the setup cost, it is great; the licensing module is very powerful and has a granular structure, so the licensing is great, but the price needs more focus to be compared to other vendors.
Which other solutions did I evaluate?
I did not evaluate other options before choosing IBM Security QRadar.
What other advice do I have?
I would advise others looking into using IBM Security QRadar that it can help your organization reduce the mean time to detect and mean time to respond, and also in building a SOC. I would rate this product a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Abhimanyu Das
Improved phishing investigations and threat hunting have strengthened our security operations
Reviewed on Dec 14, 2025
Review from a verified AWS customer
What is our primary use case?
I use IBM Security QRadar to collect logs, analyze them, and share details. When I began investigating incidents and working with the SOC team, I was using IBM Security QRadar .
How has it helped my organization?
IBM Security QRadar has been a game-changer for our SOC at Kantar. It pulls everything together—logs from endpoints, networks, you name it—letting us spot threats faster and cut down response times by about 40% on stuff like phishing alerts and endpoint issues across our 6,000 machines.
What is most valuable?
IBM Security QRadar offers a wide range of powerful features. During phishing-related investigations, it greatly assists from an analyst’s investigation point of view. A core capability of IBM Security QRadar is visibility — it collects and normalizes logs and network flow events from multiple tools. It can ingest logs from almost any source. Its advanced, modular architecture supports real-time log collection from diverse systems, making it well-suited for environments using platforms such as CrowdStrike, Microsoft Defender, Trend Micro, and Symantec.
These features are highly beneficial in our environment because, from a security perspective, proper log collection and management are crucial. QRadar streamlines SOC operations by automating alert triggers and providing unified visibility across multiple environments, which enhances our team’s ability to handle phishing and EDR alerts effectively. The shift handover capability is another valuable feature of IBM Security QRadar. Real-time log normalization and its advanced analytics engine help reduce high-risk alerts and false positives by up to 50%.
From an analyst’s perspective, threat hunting and groundwork during rotational shifts, combined with SOAR playbook automation, enable efficient endpoint isolation and quarantine actions. IBM Security QRadar also features a custom rules engine that allows analysts to create dynamic rules using AQL, targeting niche threats such as suspicious domains, all without vendor lock-in. Unlike rigid EDR policies, its petabyte-scale indexing efficiently handles massive event-per-second (EPS) volumes without performance degradation, making it ideal for expanding enterprise environments compared to lighter SIEM solutions.
What needs improvement?
IBM Security QRadar needs improvement in several areas. It should be better integrated with AI, as L1 analysts often deal with noisy rules that require constant fine-tuning. Smarter, out-of-the-box analytics — comparable to CrowdStrike’s low false-positive performance — would significantly enhance efficiency. Additionally, a more intuitive and customizable dashboard would provide better visibility, making it easier to identify available options and streamline operations.
The QRadar mobile app also requires upgrades, as it currently lags behind with limited incident (offense) visibility and lacks push alerts for high-severity events. This becomes challenging during shift rotations. Adding an option for bulk offense closure with multi-select capabilities and predefined reason templates would save time, as manual tagging is currently cumbersome. These improvements are essential for optimizing the overall analyst experience.
For how long have I used the solution?
I have used IBM Security QRadar for more than two years.
What do I think about the stability of the solution?
QRadar scales like a champ for our setup—handles petabyte-scale data
How are customer service and support?
Good
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Yeah, before QRadar, we were piecing things together with a mix of Microsoft Defender for logs from endpoints and some basic syslog forwarding from Trend Micro Deep Security , but it wasn't a full SIEM —just siloed tools that made correlation a nightmare.
How was the initial setup?
complex
What about the implementation team?
consultant
What was our ROI?
I can say that almost 35% of time is reduced, specifically 30 to 35% time reduction.
Which other solutions did I evaluate?
We looked at Splunk and Azure Sentinel as main alternatives before landing on QRadar—Splunk for its search power and Sentinel since we're heavy on Azure .
What other advice do I have?
I recommend IBM Security QRadar because it is a trusted IBM product that many organizations and financial institutions use for its strong visibility and analytical capabilities. I have had a great experience working with IBM Security QRadar. From what I know, most SOC professionals agree that once you gain experience with QRadar, adapting to any other SIEM tool becomes much easier. Overall, I would rate my experience with IBM Security QRadar highly due to its robust features and wide industry adoption.
Mohamed Fouad
Building a proactive soc has improved threat correlation and deep log investigation
Reviewed on Dec 03, 2025
Review from a verified AWS customer
What is our primary use case?
My main use case for IBM Security QRadar is building a SOC with IBM Security QRadar as a SIEM.
I use IBM Security QRadar in my SOC operations as an information security management, security and event management tool, to correlate events and build use cases for incident response.
My main use case helps us to deep dive into the logs and correlate events from many other products like firewalls, endpoints, and also a lot of products.
What is most valuable?
The best features IBM Security QRadar offers include vulnerability management, a powerful integration, and being a stable product. The vulnerability management feature helps to build an asset library for our organization, and with integrations, we can integrate this vulnerability with other ticketing systems to discover new vulnerabilities and build a patch management for it.
IBM Security QRadar has positively impacted my organization by allowing me to get offenses and threats into our organization, helping me to discover the real threats attacking our organization. The real threats that IBM Security QRadar helps us with are provided as offenses, real offenses with real examples that allow us to discover new offenses and assist in closing these offenses.
What needs improvement?
IBM Security QRadar can be improved; perhaps IBM support needs improvement in fast response and also the team response.
For how long have I used the solution?
I have been using IBM Security QRadar for about nine years.
What do I think about the stability of the solution?
IBM Security QRadar is stable.
What do I think about the scalability of the solution?
IBM Security QRadar's scalability is great; you can have a new collector to deploy if you have increased EPS per second.
How are customer service and support?
Customer support for IBM Security QRadar needs improvement.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I have not used a different solution before IBM Security QRadar; this is my first use.
What was our ROI?
I have seen a return on investment; I can share that it includes time saved, money saved, and fewer employees needed.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is great compared to the other vendor.
Which other solutions did I evaluate?
I did not evaluate other options before choosing IBM Security QRadar.
What other advice do I have?
IBM Security QRadar is stable and has great support.
I advise others looking into using IBM Security QRadar that it is really helpful for building a SOC and to get a deep dive into your real threats at the earliest time. I have given this product a review rating of 10.
HarshBhardiya
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
Reviewed on Oct 28, 2025
Review from a verified AWS customer
What is our primary use case?
The use cases are daily monitoring, asset management, asset monitoring, asset health status monitoring, and alert monitoring. That is the current use case of what SIEM is being used for.
What is most valuable?
The query search and log fetching are really helpful in IBM Security QRadar when compared to other tools.
Compared to ArcSight, Splunk, or any other SIEM tools where you need their processing language such as structured query language, SPL, and in Sentinel there is KQL query languages, IBM Security QRadar doesn't require reliance on query languages. There are filters which you can use directly and apply to get the data you want fairly easily.
What needs improvement?
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there.
The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial.
The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.
For how long have I used the solution?
I have been using it for almost nine months.
What do I think about the stability of the solution?
The solution is extremely stable because it's on cloud. On cloud, you don't see any disconnections or instability. Any solution that is on cloud works really stably.
What do I think about the scalability of the solution?
I am both a customer and we provide service to that.
How are customer service and support?
I never needed to reach out to support because most of the expertise was already available.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
How was the initial setup?
There are analytical workspaces where we create automatic ticket creations and automatic email notifications.
What about the implementation team?
I have worked on technologies including Qualys, Group-IB, and QRadar. I have experience with CrowdStrike EDR and Bitdefender. On the EDR front, I have worked on CrowdStrike and Bitdefender. For SIEMs, I work with IBM Security QRadar and Sentinel. For vulnerability assessments, I work with Qualys.
What was our ROI?
There are no observable benefits on ROI process-wise, workability-wise, or usability-wise.
Which other solutions did I evaluate?
We chose IBM Security QRadar because we were moving to cloud. Previously it was an on-prem solution. Compared to Splunk and Sentinel, it's much more cost-effective.
What other advice do I have?
IBM Security QRadar is capable of handling much of the market requirements. It's comparable to any other SIEM tool without standing out significantly.
It's fairly open for custom integrations, but it depends on what type of logs we are receiving and what kind of parsing we are getting done. The integrations are totally based on the skill sets if third-party or custom integrations are required.
When it comes to log management, it's fairly easy to manage and the log rotate is really good compared to any standard SIEM tool. It just gets the work done.
I rate IBM Security QRadar an 8 out of 10.