IBM Security QRadar SIEM v7.5.0UP4 (BYOL)
IBM Security | IBM Security QRadar SIEM v7.5.0UP4 (BYOL)Linux/Unix, Red Hat Enterprise Linux 7.9 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
System analysts
What do you like best about the product?
Offense's generation, logs build up. Centralized system for monitoring and management
What do you dislike about the product?
Nothing. But this product take times to make it stable. Parsing is lingering method.
What problems is the product solving and how is that benefiting you?
Vulnerability scanning, trigger false positive and much more
- Leave a Comment |
- Mark review as helpful
Very easy to use. User friendly
What do you like best about the product?
User friendly gui and easy to implement.
What do you dislike about the product?
Nothing as such noted,but as per market more features can be added
What problems is the product solving and how is that benefiting you?
It provides detailed analysis of user,server,system, and any activity going in the enviroment.It is bebeficial for detecting threats and attacks and helps ti prevent them.
Must needed SIEM tool - QRadar
What do you like best about the product?
To manage all critical events it is not simple. But IBM QRadar SIEM can help you. We are sing BM QRadar and it's really one of the best SIEM. IBM suuport makes it very issue to implement QRADAR. The IBM Qradar SIEM accurately detect and prioritize threats across the enterprise. Collect log events and network flow data from our critical devices, endpoints and applications distributed throughout our network. Quickly identify the top threats and reduce the total alert volume. Help us to investigate incidents.
What do you dislike about the product?
QRADAR data gateway is only available for QRoC also QRadar Event Collector can't be centrally managed. QRadar is more purpose-built, which means faster time to initial value, but potentially more expensive to extend.UEBA application within QRadar iss not complete, the rules are good however, a more detailed list of categorizations per users type is needed in order to have a more accurate risk scores per user sessions.
Vulnerability Scan: The outcome of the missing vulnerability patches are not quite Real-Time, it has a delay of 1 to 3 weeks in relation with the releases done by Microsoft.
SIEM: Is not build for MSSP, even if there are workarounds to it, splitting the licensing for different customers is not advantageous however, for a single environment it works good;
Vulnerability Scan: The outcome of the missing vulnerability patches are not quite Real-Time, it has a delay of 1 to 3 weeks in relation with the releases done by Microsoft.
SIEM: Is not build for MSSP, even if there are workarounds to it, splitting the licensing for different customers is not advantageous however, for a single environment it works good;
What problems is the product solving and how is that benefiting you?
The complexity of items and analytics that you can extract using this SIEM, basically as long as you have the required logs, you can customize rules, use cases, reports, statistic graphs as per your needs.Very good documentation offered by IBM for this tool.
Recommendations to others considering the product:
QRadar is must needed SIEM tool.
The best SIEM tool!!
What do you like best about the product?
QRadar has proven a really competitive product being available as cloud & Automated Intelligence solutions. It has been very effective in the overall security of Data by monitoring the systems, detecting the threats & investigating accordingly. It's a complete solution.
What do you dislike about the product?
The unwanted notifications sometimes. This generates a kind of distraction.
What problems is the product solving and how is that benefiting you?
The real-time threat detection is pretty helpful. I can take quick actions against the threats.
Recommendations to others considering the product:
Absolutely yes!
IBM Qradar actually working as real Radar. It maximize our visibility on network.
What do you like best about the product?
As my experience QRadar correlation engine in is the best of any SIEM. There are major features,
- Analyzing bulk Data
- Testing new rules
- Re-creating offenses that were lost or purged
- Identifying previously hidden threads
- Historical correlation overview
- Creating historical correlation profile
- Viewing information about historical correlation runs
- Analyzing bulk Data
- Testing new rules
- Re-creating offenses that were lost or purged
- Identifying previously hidden threads
- Historical correlation overview
- Creating historical correlation profile
- Viewing information about historical correlation runs
What do you dislike about the product?
Unsupported for SE (Security Enhanced) linux - This is mandatory
API integrations with some products - It's good to have support for some custom made applications
API integrations with some products - It's good to have support for some custom made applications
What problems is the product solving and how is that benefiting you?
- Log Sources - QRadar support various range of log sources. Also we can customize and create custom log sources with DSM Editor. (out of the box features on QRadar - IAM, Data Security, Network & Host, IPS ..)
- Easy as just plug and play, Integration with Vulnerability Manager and Risk Manager.
- Security Intelligence abilities - real time analysis, behavior analysis, anomaly detection.
- Threat intelligence feeds are high quality and very accuracy. Also Threat intelligence information can be inject from sources like IBM X-Force.
- Built-in Rules, Offences and Reports.
- Low level of false positive.
- Graphical dashboards.
- Good solution for any scale of organization
- Easy as just plug and play, Integration with Vulnerability Manager and Risk Manager.
- Security Intelligence abilities - real time analysis, behavior analysis, anomaly detection.
- Threat intelligence feeds are high quality and very accuracy. Also Threat intelligence information can be inject from sources like IBM X-Force.
- Built-in Rules, Offences and Reports.
- Low level of false positive.
- Graphical dashboards.
- Good solution for any scale of organization
Recommendations to others considering the product:
Strongly recommended. Because it fulfill 99% of our requirements. This is not an one of SIEM, this SIEM solution is perfect for collecting all logs from devices and endpoints and it maximize visibility on the network, remove gaps / lapses and lack of monitoring.
Have advanced correlation algorithms, Scalable solution.
Have advanced correlation algorithms, Scalable solution.
The best Cybersecurity Solution that highlights security incidents in Real time
What do you like best about the product?
Its ease of highlighting incidents within the tech infrastructure
What do you dislike about the product?
Graphics.
Some competitors are more attractive
Some competitors are more attractive
What problems is the product solving and how is that benefiting you?
Security monitoring of many It/OT infrastructures
Recommendations to others considering the product:
.
Good for Experts, Bad for beginners
What do you like best about the product?
The complexity of items and analytics that you can extract using this SIEM, basically as long as you have the required logs, you can customize rules, use cases, reports, statistic graphs as per your needs;
Very good documentation offered by IBM for this tool.
Very good documentation offered by IBM for this tool.
What do you dislike about the product?
UEBA application within QRadar: Is not complete, the rules are good however, a more detailed list of categorizations per users type is needed in order to have a more accurate risk scores per user sessions.
Vulnerability Scan: The outcome of the missing vulnerability patches are not quite Real-Time, it has a delay of 1 to 3 weeks in relation with the releases done by Microsoft.
SIEM: Is not build for MSSP, even if there are workarounds to it, splitting the licensing for different customers is not advantageous however, for a single environment it works good;
Vulnerability Scan: The outcome of the missing vulnerability patches are not quite Real-Time, it has a delay of 1 to 3 weeks in relation with the releases done by Microsoft.
SIEM: Is not build for MSSP, even if there are workarounds to it, splitting the licensing for different customers is not advantageous however, for a single environment it works good;
What problems is the product solving and how is that benefiting you?
Offering Cyber Security solutions and services to the required environments; also, a very good tool to monitor the audit performance of the respective domain;
Recommendations to others considering the product:
High knowledge of Computer Networking is a must; Reading the QRadar documentation would help you customize and implementing the desired scopes with this tool.
Good tool
What do you like best about the product?
Good tool as compare with alien vault & mcaffe siem. One of the most valuable feature is it's ability to integrate with other solution. It has a single dashboard that give us a complete overview of what is happening around.the most valuable feature is the Qradar vulnerability manger.
What do you dislike about the product?
May require a considerable amount of tuning during deployment with very little"out of box" offense information.
What problems is the product solving and how is that benefiting you?
May require a considerable amount of tuning during deployment with very little"out of box" offense information.
Recommendations to others considering the product:
Good tool but bit expensive
Powerful SIEM solution
What do you like best about the product?
The Multi-tenancy capabilities
X-Force integration
X-Force integration
What do you dislike about the product?
The price is reasonable but on the high side compared to the competition
What problems is the product solving and how is that benefiting you?
Our customer regained insight in their complex security environent.
Recommendations to others considering the product:
When your comparing SIEM solutions take the TCO into account.
Very good for security related use cases.
What do you like best about the product?
Log source Management and parsing helps a lot.
What do you dislike about the product?
Support for other SIEMs there should be some strong integration platform.
What problems is the product solving and how is that benefiting you?
Detecting user's behavior from logs and managing company wide security.
showing 301 - 310