We performed a comparison between IBM Security QRadar, Quest InTrust, and Splunk Enterprise Security based on real PeerSpot user reviews.
"Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well."
"IBM Security QRadar has significantly improved our incident response procedures."
"The most valuable feature is the integration with the GRD, for banking."
"It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform."
"It's user-friendly when compared to other products."
"It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
"We've found the solution to be scalable."
"I would rate the technical support very well as they are knowledgeable and quick to respond."
"Splunk is stable, and this is why many customers want it."
"Splunk has machine learning which is a valuable feature."
"Out-of-the-box, it seems very powerful."
"It has virtual visualization, and other products do not."
"It is easy to use, and easy to implement."
"Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"The correlation capabilities are the first value that our clients say they like with Splunk."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"IBM Security QRadar’s GUI could be improved."
"There are reports that I would like to generate that are either not included, or I cannot find."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"It needs to have better reporting."
"It was very complex. There was poor native correlation."
"Splunk needs local technical support."
"The product is relatively expensive."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"The solution could improve by giving more email details."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"Features related to content management must be improved."