IBM Security QRadar SIEM v7.4.3 (BYOL)
IBM Security | Linux/Unix, Red Hat Enterprise Linux RHEL-7.7 - 64-bit Amazon Machine Image (AMI)
Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
QRadar helping university IT department with the many threats that are bombarding it
What do you like best about the product?
I like QRadar's intuitiveness and ease of use. As a member of the IT department I use QRadar daily to look for anomalies and troubleshoot issues. QRadar helps all our staff from the systems and network teams to the security analysts.
What do you dislike about the product?
There are some search features that are disappointing. If I put a filter on a search, but make a mistake with it, I have to delete the filter and then add the proper one instead of just editing the one I made the mistake in.
What problems is the product solving and how is that benefiting you?
We have it daily for troubleshooting network issues. Looking for troublesome users, bots, malicious actors and much more. As a University we have to look at threats coming from the outside world, as well as troublesome students trying things out due to curiosity or unfortunately the occasional one who is being malicious.
Recommendations to others considering the product:
Don't expect it to be the tool that will save your day by just turning it on. It takes time to tune the product. It is a little bit of rinse and repeat. You tune QRadar and let it sit for a bit and then you find some offenses that aren't really offenses and you tune some more. Overall QRadar is exactly what you put into it. If you spend the time investigating issues and tuning rules you will get a clean set of offenses for you to investigate.
The most competent SIEM
What do you like best about the product?
All in one, integrations, scalability.
It is the most competent product on the market, with many things out of the box, and it is easy to build your own integrations.
What do you dislike about the product?
Pricing: the pricing by EPS and Flows can be very, very expensive; it's hard for a small company to invest in this product.
What problems is the product solving and how is that benefiting you?
Normalizing by many different products
Most comprehensive and security focused SIEM
What do you like best about the product?
Most broad variety of features. Every feature is done with security monitoring focus.
What do you dislike about the product?
Some features could be more configurable.
What problems is the product solving and how is that benefiting you?
Improved SOC operations.
Pros and cons of QRadar
What do you like best about the product?
It has huge potential due to the way the underlying mechanism or engine has been conceived.
What do you dislike about the product?
Lack of control over QID and event categorisation. There is no way to safely delete some bloated inbuilt content.
What problems is the product solving and how is that benefiting you?
Monitoring of client infrastructures. One of the greatest benefits is the highly customisable aspect of QRadar.
Recommendations to others considering the product:
Check your building blocks and system settings!
Log monitoring and Custom actions
What do you like best about the product?
QRadar is built on a MySQL database, so the query output is very fast, and I also liked the offense feature. We can write our custom rules, and it is like English grammar, and you can create a role for the offense. We created custom rules for our customer and provided insights into their deployment. I like the log source implementation. This will help us to extract the values and enrich your data. I like the Docker concept for apps, so that it will give us total security and isolate apps from each other.
What do you dislike about the product?
UI is not so interactive. We faced a lot of issues on UI. It will reload the whole page and the back button was not working. This would be a headache for customers. I didn't like the development toolkit which was provided by IBM. Development of any integration is very hard compared to others.
What problems is the product solving and how is that benefiting you?
We are helping a customer who is in the security domain. We are helping them to create log source for data extraction and enrichment.
We have created custom alerts for one of our customers and provided them to isolate the endpoint if any malicious activity occurs.
Recommendations to others considering the product:
If you are not so worried about UI, you should go with IBM QRadar. It's very safe to use and will provide you a good amount of insights for your security data.
SIEM tool
What do you like best about the product?
The best feature of Q-Radar is that all the logs are captured in one go.
What do you dislike about the product?
Just need to do research for some of the system logs.
What problems is the product solving and how is that benefiting you?
All the logs are collected, and any authorized changes or access will be alerted.
Recommendations to others considering the product:
Q-Radar is a very effective tool in order to get all the system alerts.
QRadar
What do you like best about the product?
Monitoring the bulk amount of servers and bulk amount of request like ga generated in those servers
What do you dislike about the product?
Not much; it was a great experience working in IBM QRadar.
What problems is the product solving and how is that benefiting you?
Monitoring the servers, monitoring who are accessing the application from which locations, can be able to trace the requestor through IP and location as country, monitor the logs in one place in one interface
Recommendations to others considering the product:
Monitor the request logs in a radar range
QRadar: NextGen security Tool
What do you like best about the product?
This tool has a very intelligent inbuilt correlation mechanism which takes a variety of alerts/event information and gives insights which help analysts to take proper actions. It will tell you in advance about the threats and impact by analysing all the information in real time.
What do you dislike about the product?
The architecture of the product is very detailed and complex. Filter property is not detailed clearly.
What problems is the product solving and how is that benefiting you?
Using QRadar to save our systems from malicious activities and critical data leaks.
Recommendations to others considering the product:
Yes, this product offers a lot of features and is worth spending on for security.
Excellent tool
What do you like best about the product?
The way the tool interacts with the end user is amazing.
What do you dislike about the product?
Fewer options for now. I guess more updates will do the work.
What problems is the product solving and how is that benefiting you?
As it is owned by IBM, support is good and the security tool works as expected.
A little complicated to use
What do you like best about the product?
I love the customization and the interface.
What do you dislike about the product?
I dislike the difficulty; I feel like it could be more user friendly.
What problems is the product solving and how is that benefiting you?
Solving threat detection. It does detect lots of threats and responds quickly.
Recommendations to others considering the product:
Use it if you’re very comfortable with threat detection.