IBM Security QRadar SIEM v7.3.2 P1 - Managed Host (BYOL)
IBM Security | QRadar MH v7.3.2 Patch 1 | Linux/Unix, Red Hat Enterprise Linux RHEL-7.5 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
External reviews

External reviews are not included in the AWS star rating for the product.
Privileged Cyber Security Visibility
What do you like best about the product?
The learning curve is very fast
Layer-7 Inspection
Full visibility for your cyberspace
What do you dislike about the product?
QRadar is eager for resources
Licensing model
Risk manager not comprehensive
Very expensive
What problems is the product solving and how is that benefiting you?
Threat hunting
Visibility on the IT infrastructure
Recommendations to others considering the product:
I advise you to go ahead, but be careful: QRadar is eager for resources.
Buy the QFlow license.
proactive approach to resolve threat
What do you like best about the product?
QRadar provides customizable dashboards, compliance templates, and data archiving
What do you dislike about the product?
The only downside is the alerting capabilities to know if a new update or patch has been
What problems is the product solving and how is that benefiting you?
IBM QRadar is a tightly integrated solution, that allows you to protect your environment
One of the best SIEM
What do you like best about the product?
Easy to create content rules and correlating. It is easy to integrate with tools
What do you dislike about the product?
Everyone must get training before implementing this
What problems is the product solving and how is that benefiting you?
Integrating with other apps easily
IBM Qradar: A Powerful and Intelligent SIEM solution
What do you like best about the product?
Performance: The processing capability of QRadar is excellent. QRadar can filter your data through millions of logs in just a few seconds.
Threat Hunting: If you are bored with normal alerts and want to explore the possibility of attacks which your default correlation can't detect, you can deep dive into the raw logs and get into the details of the information.
Filters: QRadar comes with an excellent filter module which can be used to get the specific result.
Netflow:
What do you dislike about the product?
Reports: If you want to design a custom report for your customer or management, it's gonna be difficult for you because QRadar has very limited features.
Visuals: The default graphs and other visuals should be more specific and meaningful.
What problems is the product solving and how is that benefiting you?
QRadar was helping with in-depth analysis of alerts and raw logs, identifying suspicious traffic, and creating custom use cases.
Recommendations to others considering the product:
If you are dealing with a medium or large size organization and assets, I would recommend you use QRadar. For a small organization it's going to be difficult in terms of commercials.
It's very good I love this tool
What do you like best about the product?
Vulnerability logs, SIEM, cloud platform also
What do you dislike about the product?
Just only the heavy setup, nothing else.
What problems is the product solving and how is that benefiting you?
Logs siem odc information security
About the Qradar Productivity and features.
What do you like best about the product?
The benefits are flexible and scalable architecture, efficient reporting, the data consolidation and search capabilities, and integration with solutions like IBM BigFix and MaaS360.
What do you dislike about the product?
Need to focus more on false positive cases; for that, develop more features and detection capabilities.
What problems is the product solving and how is that benefiting you?
So flexible, scalable architecture, efficient reporting. Worked with other tools, but QRadar has many solutions. If you compare with other tools you will get the actual scenario of the QRadar tool.
Recommendations to others considering the product:
Need to focus on false positive cases.
Best SIEM product found so far.
What do you like best about the product?
Its enablement and customizations. And the idea of extensions make it more valuable.
What do you dislike about the product?
There are fewer search customisations in the Offenses tab.
What problems is the product solving and how is that benefiting you?
It pretty much covers everything due to its versatility.
I have 4 years of performing tuning of the QRadar SIEM, and integration with various systems
What do you like best about the product?
1. Easy integration for most devices
2. UBA app and other apps
3. Offenses tab: easy tracking of logs and events, log activity tab
4. Easy to learn
5. Network hierarchy
What do you dislike about the product?
If they have integrated some applications with QRadar and you need support for such an application, you will not find full support, as the application works as a third party.
For example, if you have a site error on QRadar and have opened a ticket with support, they report that you should open a ticket with MaxMind, because the MaxMind database is a third-party tool. IBM doesn't own it, QRadar just uses it. There is nothing IBM can do about it.
Or if you encounter any problem with the Cisco FMC app, you should open a ticket with Cisco. I think they should have full support for any merger with any vendor, and they have the ability to deal with the third party linked in the QRadar system in order not to lose the advantage of this added application.
I hate filter search as there is no option to edit your search; you must delete the filter search and create a new filter.
The Offenses dashboard sometimes has errors in details; you need to move to deeper analysis to check the MAC address, as an example.
What problems is the product solving and how is that benefiting you?
You can customize rules, use cases
Real-time analysis
Recommendations to others considering the product:
I think QRadar is the best choice for you, but keep adding logs and tune it always
IBM Qradar review
What do you like best about the product?
Applications which give us more visibility to analyse an incident.
What do you dislike about the product?
QRadar does not allow us third-party integration.
What problems is the product solving and how is that benefiting you?
We can analyse an offense deeply.
Recommendations to others considering the product:
Nice tools for incident response.
It really helped me in many critical situations and I believe it will continue
What do you like best about the product?
Log data collection and analyzing is the best part I love in QRadar; its ease of use and customisation for the security operations team makes it good. These are $M cost projects and will have ROI only if they have effectiveness from the security operations team. In the actual panorama, an IT staff would face a very hard task without using that tool, not to mention the costs. An organization deploying tools from different vendors to guarantee digital security is wasting resources and efforts: different results, rules and reports. That's why I consider that QRadar is a great alternative to build and maintain the SOC. We should take into account also that they have greatly evolved. The QRadar market really is evolving from the basic log aggregation, storage and compliance reporting to being the core security intelligence engine of the enterprise's IT infrastructure. What you're looking for today is an SIEM tool that can do real time analysis of large amounts of such event data, correlate them across layers, devices, endpoints, etc. and most importantly across the other security systems in the enterprise, whether they're Identity & Access Management systems, network IPS, database security tools and such. A good SIEM tool today has the ability to put in place an appropriate response to combat both insider and external threats, and maintaining the right consistent identity and session contexts across the layers, devices, endpoints with anomaly detection becomes all the more important.
What do you dislike about the product?
Threat hunting comes in premium, nothing else. I checked with all other alternatives but QRadar stands on the top.
What problems is the product solving and how is that benefiting you?
Log monitoring, threat hunting
Recommendations to others considering the product:
There are a number of SIEMs on the market today but not all are created equal; QRadar stands at the top for ease of use.