We performed a comparison between IBM Security QRadar, USM Anywhere, and VMware Aria Operations for Logs based on real PeerSpot user reviews.
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"It showed us where weaknesses were in our environment, so we could actively target those patches first."
"It is a very good SIEM."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"The monitoring and dashboards are great."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"We run 65 servers globally with just two people: an engineering person and me."
"I have found IBM QRadar to be stable."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"The solution has all the features that we need, however they do not work correctly."
"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"Reports are customized, so you can present them to executives or engineers."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"We are using it because we have a VMware product. It has its own built in dashboards for VMware products, and that's a good thing."
"One of the most valuable features of vRealize Log Insight is that it gives you a clear forecast about your existing machines, for example, how long your machines could be supported and how long the remaining capacity is to host your machines. This is one of the best options available within vRealize Log Insight. Another valuable feature of the solution is automation. My company deploys a lot of automation when required in a very, very short period, and in a very uniform manner, and even if the automation is being deployed for different processes and departments, it's pretty much the same across the environment, so vRealize Log Insight helps reduce a lot of ambiguities and helps my company manage operational efficiencies well."
"The interface of the solution is good."
"The tool helps my company deal with security and log analysis, which are very important areas for us...It is a scalable solution."
"vRealize Log Insight has been running without any issues."
"Log Insight correlates with the VMware product log. It can assemble the logs you want, making it easier to find the output, incident, or keyword you want to search."
"The setup and installation are very easy."
"What I like is that you can have different storage locations for different applications."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"The whole process for support is something that needs to be improved."
"The solution lacks vendor support."
"The dashboards are all legacy and old."
"The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool."
"Pricing model could be more cost-effective."
"they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
"The reporting is mediocre and is something that needs to be improved."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"AlienVault cannot automatically respond to threats like other SIEM solutions, such as Sentinel and LogRhythm. Most of our clients are far away, so it's often challenging to handle alerts when they come up on our dashboard."
"Log retention should have more options for user control."
"Integration with other vendors is something that could be improved, they could add more vendors."
"Log Insight should be better at dealing with audits and security logs. We use another product called QRadar for that."
"The solution is a very good tool, but it has a lot of limitations. One of the main issues is around how you define your retention policy, for instance, in Log Insight. It doesn't have it. You can't define a log retention policy. You also can't define the destination or location for your logs. All of the logs are in one index or one bucket."
"The dashboard needs to be improved because this is what I need to monitor my infrastructure."
"In vRealize login files, we have limitations regarding log partitions."
"The tool does not provide a centralized pane for monitoring."
"The monitoring landscape is getting bigger. When it comes to infrastructure monitoring, we need more visibility. VMware needs to integrate more related applications and third-party products. That would make it more appealing to an audience beyond the VMware team."