We performed a comparison between IBM Security QRadar and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The pricing of the product is excellent."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"It has basic out-of-the-box integrations with multiple log sources."
"Free ingestion for Azure logs (with E5 licence)"
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"We have no complaints about the features or functionality."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It'll get you from point A to B."
"It's a state-of-the-art product for security information and event management (SIEM)."
"There is a single dashboard that gives us a complete overview of what is happening around the globe."
"The most valuable feature is user behavior analytics (UBA)."
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"IBM QRadar Advisor with Watson is a stable solution."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"The most valuable feature is the reporting."
"The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out."
"It's easy to build rules and actions based on the logs and event types we collect with the software."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"SolarWinds' stability is fine. I don't think we've had any software issues."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"It supports high availability, which is very helpful."
"The most valuable feature is the ease of use for the end user."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The solution should allow for a streamlined CI/CD procedure."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"I would like to see more integration in place after the security lock."
"The product needs to improve its GUI."
"The product does not have a team for investigating malware."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"The AI engine could be smarter."
"The technical support is poor. Mostly because when I open a PMR for IBM, I am stuck with Level 1 staff. As an engineer, nothing that I am bringing them does not require Level 2 or Level 3 support."
"AI is superb but need improvements."
"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
"It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."
"I would like to have a more customizable dashboard."
More SolarWinds Security Event Manager Pricing and Cost Advice →
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews. IBM Security QRadar is rated 8.0, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, Wazuh, Microsoft Defender XDR and LogRhythm SIEM. See our IBM Security QRadar vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.