We performed a comparison between Graylog, IBM Security QRadar, and Splunk Enterprise Security based on real PeerSpot user reviews.
"The ability to write custom alerts is key to information security and compliance."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"Open source and user friendly."
"I like the correlation and the alerting."
"This has increased productivity for the dev and support teams, because we are directly notifying them."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how much traffic you have, how many messages of a given type you have, etc."
"The product is scalable. The solution is stable."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
"The most valuable feature is the machine learning module."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
"The event collector, flow collector, PCAP and SOAR are valuable."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"The product has a good security posture."
"We solve issues that we previously could not since we now have the data."
"The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
"My favorite example of improving the organization is saving $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"Visualizations are the best way to understand deviation techniques from the norm."
"Our clients are easily able to modify and evolve their implementations."
"The client site login is pretty extensible and probably cost-effective."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"Dashboards, stream alerts and parsing could be improved."
"Lacks sufficient documentation."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"I would like to see some kind of visualization included in Graylog."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
"We sometimes get an error about the hard drive. Approximately once every two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"The AI engine could be smarter."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"It would be good if the program allowed certain profiles to only see certain customer information."
"The product needs to improve its GUI."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"We had some connection issues with the solution at the beginning."
"The UI can be difficult to understand for non-technical people."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
"It needs integration with a configuration management solution."
"The threat management part is still lagging. There are some gaps in threat management. Other vendors have built-in threat management systems, but Splunk lacks the threat management component in its portal. The UEBA and everything else is perfect, but it lacks a unified threat intelligence and management part."
"Integrating tools and creating use cases could be easier. It's hard for a junior security engineer with only a couple of years of experience to write use cases. They can do it, but it's much easier in a solution like IBM QRadar. Setting conditions is like a multiple-choice type of thing. It's a more user-friendly process."