We performed a comparison between ArcSight Logger, Graylog, and IBM Security QRadar based on real PeerSpot user reviews.
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"The technical support team is good...It is a scalable solution."
"It's a robust, mature product and you can do some really complex operations and analytics."
"ArcSight's robustness is its most valuable feature."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The machine learning is a good feature."
"It's an efficient solution."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"I like the correlation and the alerting."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"Message forwarding through the in-built module."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"Real-time UDP/GELF logging and full text-based searching."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"I like the graphical interface. It's so good and easy."
"IBM QRadar Advisor with Watson is a stable solution."
"The solution is flexible and easy to use."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well."
"The best part of this solution is having a third-party SOC."
"It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
"IBM QRadar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"The solution could be improved in maintenance settings."
"The product's connectors should work better and the user manuals need an update."
"The initial setup was a little bit complex."
"The next release should have AI capabilities."
"The console in older versions is not user-friendly."
"We find that the search and access functionality is quite slow."
"We have had problems with archiving."
"The solution should make it possible to integrate network analysis features."
"More customization is always useful."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Dashboards, stream alerts and parsing could be improved."
"I would like to see some kind of visualization included in Graylog."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Graylog can improve the index rotation as it's quite a complex solution."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Over six months, I had two similar issues where searches were performed on field 'messages'. It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"There was some complexity in the initial setup due to bandwidth issues."
"IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others."
"The tech support is not that good."
"The reporting system could use some upgrading."
"The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
"While the interface is easy to use, it could be a little more responsive."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."