We performed a comparison between IBM Security QRadar and Splunk Cloud Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel pricing is good"
"Free ingestion for Azure logs (with E5 licence)"
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The analytic rule is the most valuable feature."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"It's pretty powerful and its performance is pretty good."
"Senses, tracks, and links significant incidents and threats."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
"The UBA feature is the most valuable because you can see everything about users' activities."
"It helps us discover any threats with their alerts and tracking."
"The scalability is good."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"Integration is very easy and the reporting is good."
"The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based."
"The Splunk Cloud Platform has reduced our mean time to resolve. It has easily saved 20 to 30 minutes every time someone gets locked out. We get 10 or 15 instances per day where people get locked out. It definitely saves a few hours per day."
"Index manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team."
"I like the Cloud monitoring console feature."
"Dashboards and alerting are the most valuable features. The dashboards let us see how the system looks in terms of anomalies, and the alerts trigger us to go and look at what possible problems are happening."
"Splunk has sped up our response and reduced the time we spend manually monitoring any logs for ticketing tools or servers. It saves us around two hours daily."
"This is a complete log reporting tool."
"The initial setup was straightforward."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The usability of interfaces could be improved."
"For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers."
"Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
"Needs better visualization options beyond the time series charts and a few other options that they have."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"I would like to see the update process simplified."
"In a future release, the solution could provide malware analysis."
"The Splunk Cloud Platform dashboard could benefit from some improvements."
"The dashboards should be easier to customize."
"Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting."
"Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS."
"Its stability and performance can be better. Very rarely does a day go by when we do not see an error in the console, such as a health check error. Because it is cloud-hosted, we do not have access to the backend to figure it out ourselves. We are reliant on their support to figure it out, and a couple of days later, the error comes back or it is a different error. It is a never-ending cycle of support tickets. Their support is also not great."
"When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud."
"There is sometimes no documentation or updated documentation available."
"They need to provide more training options."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Splunk Cloud Platform is ranked 3rd in Data Visualization with 34 reviews. IBM Security QRadar is rated 8.0, while Splunk Cloud Platform is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, AppInsights, Check Point Security Management and Fortinet FortiAnalyzer. See our IBM Security QRadar vs. Splunk Cloud Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.