We performed a comparison between IBM Security QRadar, Splunk Enterprise Security, and VMware Aria Operations for Logs based on real PeerSpot user reviews.
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"It's a state-of-the-art product for security information and event management (SIEM)."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"It'll get you from point A to B."
"This solution has allowed us to correlate logs from multiple sources."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"Easy to deploy and simple to use."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"The most valuable feature of Splunk is the management and built-in workflows."
"Splunk Enterprise Security's dashboards are a key asset."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"Splunk has machine learning which is a valuable feature."
"Splunk setup is easy and straightforward."
"I like the interface."
"The virtualization solution supports data center virtualization, network and security."
"The solution's simplicity, flexibility, and extensibility are valuable features as we can integrate everything in vRealize."
"It is a highly stable solution... It is a highly scalable solution."
"The setup and installation are very easy."
"The trace log is the solution's most valuable feature. It's very helpful in troubleshooting problems."
"The interface of the solution is good."
"It is very scalable and can handle a large workload."
"IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"The implementation and configuration are not easy."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
"QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one."
"I'd like to see more integration with more antivirus systems."
"An improved user interface along with multi-tenancy support would be beneficial."
"Splunk Enterprise Security has not helped reduce our alert volume."
"If you monitor too much, you can lose performance on your systems."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"From the commercial point of view, they have to bring down their costs."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"It takes time to train people."
"Paid or free does not matter, but it is complex to find good training material for vRealize Log Insight."
"The solution is a very good tool, but it has a lot of limitations. One of the main issues is around how you define your retention policy, for instance, in Log Insight. It doesn't have it. You can't define a log retention policy. You also can't define the destination or location for your logs. All of the logs are in one index or one bucket."
"I don't use the solution on a day to day basis, so I'm not sure what specifically can be improved."
"It's great for VMware, but it would be good if they had third-party logins."
"The solution should be more user-friendly. The user interface and dashboard could be simplified."
"Log Insight should be better at dealing with audits and security logs. We use another product called QRadar for that."
"The solution isn't user-friendly for admins."
"The tool is expensive."