IBM Security QRadar SIEM v7.3.2 P1 - Console (BYOL)
IBM Security | QRadar Console v7.3.2 Patch 1 | Linux/Unix, Red Hat Enterprise Linux RHEL-7.5 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
External reviews

External reviews are not included in the AWS star rating for the product.
IBM QRadar actually working as a real radar. It maximizes our visibility on the network.
What do you like best about the product?
In my experience, the QRadar correlation engine is the best of any SIEM. There are major features:
- Analyzing bulk Data
- Testing new rules
- Re-creating offenses that were lost or purged
- Identifying previously hidden threats
- Historical correlation overview
- Creating historical correlation profile
- Viewing information about historical correlation runs
What do you dislike about the product?
Unsupported for SE (Security Enhanced) Linux - This is mandatory
API integrations with some products - It's good to have support for some custom-made applications
What problems is the product solving and how is that benefiting you?
- Log Sources - QRadar supports a varied range of log sources. We can also customize and create custom log sources with the DSM Editor. (Out-of-the-box features on QRadar - IAM, Data Security, Network & Host, IPS ...)
- Easy as just plug and play, integration with Vulnerability Manager and Risk Manager.
- Security Intelligence abilities - real-time analysis, behavior analysis, anomaly detection.
- Threat intelligence feeds are high quality and very accurate. Threat intelligence information can also be injected from sources like IBM X-Force.
- Built-in Rules, Offences and Reports.
- Low level of false positives.
- Graphical dashboards.
- Good solution for any scale of organization
Recommendations to others considering the product:
Strongly recommended, because it fulfills 99% of our requirements. This is not an one of SIEM, this SIEM solution is perfect for collecting all logs from devices and endpoints, and it maximizes visibility on the network and removes gaps / lapses and lack of monitoring.
Have advanced correlation algorithms, Scalable solution.
The best Cybersecurity Solution that highlights security incidents in Real time
What do you like best about the product?
Its ease of highlighting incidents within the tech infrastructure
What do you dislike about the product?
Graphics.
Some competitors are more attractive
What problems is the product solving and how is that benefiting you?
Security monitoring of many IT/OT infrastructures
Recommendations to others considering the product:
.
Good for Experts, Bad for beginners
What do you like best about the product?
The complexity of items and analytics that you can extract using this SIEM, basically as long as you have the required logs, you can customize rules, use cases, reports, statistic graphs as per your needs;
Very good documentation offered by IBM for this tool.
What do you dislike about the product?
UEBA application within QRadar: It is not complete; the rules are good, however a more detailed list of categorizations per user type is needed in order to have more accurate risk scores per user session.
Vulnerability Scan: The outcome of the missing vulnerability patches is not quite real-time; it has a delay of 1 to 3 weeks in relation to the releases done by Microsoft.
SIEM: It is not built for MSSPs; even if there are workarounds to it, splitting the licensing for different customers is not advantageous. However, for a single environment it works well.
What problems is the product solving and how is that benefiting you?
Offering Cyber Security solutions and services to the required environments; also, a very good tool to monitor the audit performance of the respective domain;
Recommendations to others considering the product:
High knowledge of computer networking is a must. Reading the QRadar documentation would help you customize and implement the desired scopes with this tool.
Good tool
What do you like best about the product?
Good tool as compared with AlienVault & McAfee SIEM. One of the most valuable features is its ability to integrate with other solutions. It has a single dashboard that gives us a complete overview of what is happening around. The most valuable feature is the QRadar Vulnerability Manager.
What do you dislike about the product?
May require a considerable amount of tuning during deployment with very little "out of box" offense information.
What problems is the product solving and how is that benefiting you?
May require a considerable amount of tuning during deployment with very little "out of box" offense information.
Recommendations to others considering the product:
Good tool but bit expensive
Powerful SIEM solution
What do you like best about the product?
The Multi-tenancy capabilities
X-Force integration
What do you dislike about the product?
The price is reasonable but on the high side compared to the competition
What problems is the product solving and how is that benefiting you?
Our customer regained insight in their complex security environment.
Recommendations to others considering the product:
When you're comparing SIEM solutions, take the TCO into account.
Very good for security related use cases.
What do you like best about the product?
Log source Management and parsing helps a lot.
What do you dislike about the product?
Support for other SIEMs there should be some strong integration platform.
What problems is the product solving and how is that benefiting you?
Detecting user's behavior from logs and managing company wide security.
Very user friendly and secure
What do you like best about the product?
The visualization, which is very easy to understand. The threat intelligence is such a great feature.
What do you dislike about the product?
I suggest to decrease the price of the product
What problems is the product solving and how is that benefiting you?
Log analysis, real-time monitoring and analysis of firewall logs, Windows logs, and syslogs
Recommendations to others considering the product:
Very, very useful product. I have used Splunk, ELK and ArcSight, of which I suggest QRadar as the primary solution.
Use Case expertise and User Friendly GUI
What do you like best about the product?
The friendly GUI supports analysts in identifying each and every thing related to their needs.
What do you dislike about the product?
EPS calculation and Offense Custom Dashboard not created
What problems is the product solving and how is that benefiting you?
Incident Monitoring
SOC monitoring alerts and respond
What do you like best about the product?
API integrations, QROC and threat intelligence.
What do you dislike about the product?
On-premise sometimes depends on system performance.
What problems is the product solving and how is that benefiting you?
None. I haven't experienced a major issue, only on-premises system performance.
Recommendations to others considering the product:
Go for cloud QROC.
the security radar
What do you like best about the product?
the security enhancements and process provides the malware protection
What do you dislike about the product?
The process needs a long time for the installation and more time to understand.
What problems is the product solving and how is that benefiting you?
by this malware protection can be enhanced for the various users and getting the privacy and security with the same security software
Recommendations to others considering the product:
security software