IBM Security QRadar SIEM v7.4.3 (BYOL)
IBM Security | Linux/Unix, Red Hat Enterprise Linux RHEL-7.7 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Very good for security related use cases.
What do you like best about the product?
Log source Management and parsing helps a lot.
What do you dislike about the product?
Support for other SIEMs: there should be some strong integration platform.
What problems is the product solving and how is that benefiting you?
Detecting user's behavior from logs and managing company wide security.
Very user friendly and secure
What do you like best about the product?
The visualization, which is very easy to understand. The threat intelligence is such a great feature.
What do you dislike about the product?
I suggest decreasing the price of the product.
What problems is the product solving and how is that benefiting you?
Log analysis, real-time monitoring and analysis of firewall logs, Windows logs, and syslogs.
Recommendations to others considering the product:
Very, very useful product... I have used Splunk, ELK and ArcSight, and I suggest QRadar as the primary solution.
Use Case expertise and User Friendly GUI
What do you like best about the product?
The friendly GUI supports analysts in identifying each and every thing related to their needs.
What do you dislike about the product?
EPS calculation and Offense Custom Dashboard not created
What problems is the product solving and how is that benefiting you?
Incident Monitoring
The security radar
What do you like best about the product?
The security enhancements and process provide the malware protection.
What do you dislike about the product?
The process needs a long time for the installation and more time to understand.
What problems is the product solving and how is that benefiting you?
By this, malware protection can be enhanced for the various users, getting privacy and security with the same security software.
Recommendations to others considering the product:
Security software
QRadar app development
What do you like best about the product?
The ease of integration, correlation, distributed environment setup.
What do you dislike about the product?
Highly unstable when creating or deploying custom apps.
What problems is the product solving and how is that benefiting you?
Creating efficient apps.
Recommendations to others considering the product:
It's a good product, easy-to-use product.
QRadar: Bringing Security Into Focus
What do you like best about the product?
I enjoy and appreciate the ecosystem surrounding QRadar. Between the support community and the X-Force Exchange, there is a wealth of resources to ensure success.
What do you dislike about the product?
QRadar is a very complex product that takes a LOT of care and feeding.
What problems is the product solving and how is that benefiting you?
QRadar allows me to bring my entire environment into quick focus to find and realize issues and incidents effectively.
Recommendations to others considering the product:
Like any other enterprise tool, much of your success is contingent on your manpower and understanding of the underlying technology. A lot of companies are understaffing SIEM technology, which severely degrades the value add.
Good correlation
What do you like best about the product?
Good correlation and easy to use. Lots of OOTB rules with use cases.
What do you dislike about the product?
Web user interface usability could be better.
What problems is the product solving and how is that benefiting you?
Very good as a SIEM.
The best SIEM Available
What do you like best about the product?
Great tuning capability, an intelligence service that allows automatically generating offenses, and the capability of adapting to any kind of infrastructure.
What do you dislike about the product?
Visually it is not the best; the web browser offers an intuitive GUI, but some functions are not presented really well.
What problems is the product solving and how is that benefiting you?
Monitoring customers' infrastructure from deployment to full installation, also providing SOC service.
Good security system
What do you like best about the product?
The security system we just started to use. It helps identify and prioritize many threats. The menu seems a bit complicated, but you can filter by yourself. All available in offenses.
What do you dislike about the product?
Everything looks nice now. We did not encounter any problems.
What problems is the product solving and how is that benefiting you?
To be aware of the advanced threats such as security of all devices in our corporate network, opening user account other than information outside of working hours, long-term usage of VPN.
Excellent tool for SIEM Technology
What do you like best about the product?
The ability to write complex rules with a lot of ease. It helps correlate a lot of log sources and can help write/define better rules which can help address complex rules. The features to add multiple apps from various vendors to better represent the dashboards and various lookup integrations. Incident Management and Automation for the script triggers and having them integrated with tools like IBM Resilient, which helps manage the incident response process.
What do you dislike about the product?
There is nothing much to dislike in the system; however, the Dashboard options and representation can be better. Pulse has some compensation; however, we need to share those JSON files and all, which is complex and not user friendly again.
Also the support for OT environment related log sources can be looked into as well. However, the dashboards and reports are the main concern points which we have seen with multiple customers.
Also multiple threat intel features can be recommended, just like the IBM Resilient free threat intelligence options. Instead of just keeping the TAXII/STIX feeds available, it would be great if you can recommend the customer on what and how to use them based on the open feeds that are actively available in open.
What problems is the product solving and how is that benefiting you?
Complex rule monitoring. Multiple Correlation rules. Automatic Trigger of Incident Response tickets. Better visibility to the network and event logs.