
IBM Security QRadar Primary Use Case

HarshBhardiya
SOC Engineer at an outsourcing company with 10,001+ employees

The use cases are daily monitoring, asset management, asset monitoring, asset health status monitoring, and alert monitoring. That is the current use case of what SIEM is being used for.

Mahmoud Younes
Cyber Security Architects at VaporVM

Most of the use cases are based on MITRE ATT&CK, such as phishing emails, DDoS attacks, privilege escalation, and other MITRE ATT&CK techniques, with scanning of the environments and suspicious activity internal to our network. We have thousands of use cases covering different domains at network levels.

We have use cases covering security controls and firewalls. We also have use cases that cover Active Directory, server events, and Citrix. Because we are working in a telecom company, we are covering 5G and 4G logs.

Usama Khan
SOC Analyst-L2 at RISK ASSOCIATES

I was a SIEM administrator using IBM Security QRadar for ingesting log sources from all over the digital infrastructure of the organization I worked for. After ingesting logs from all servers and applications, I used the use case manager and offenses.

I managed and handled several incidents in IBM Security QRadar by creating many rules. I created a rule for Dark Web communication from the internal network of the organization. Based on that, I created a rule named Anonymous Tor Connection in which I called the reference set from the reference set type that I created for blacklisted IPs of Tor nodes and called it in the rules. If any of those IPs were detected as the destination IP from an internal network source IP, the alerts would trigger.

I created brute-force attack rules based on Windows Event IDs and created more rules for failed login attempts and audit success.

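The two rules described in the review above (an internal source talking to an IP held in a Tor reference set, and repeated Windows failed logons) can be re-created outside QRadar to see how the logic behaves. The following is an added example written for this page; it is not the reviewer's rule configuration or IBM code. The Tor IPs are constructed placeholders from TEST-NET ranges, the events are constructed sample data, and the 5-failures-in-5-minutes threshold for Event ID 4625 is an assumed value.

```python
"""Added example (not from the review or from IBM): offline re-creation of the
two QRadar rules described above, run over constructed sample events.
Rule 1 ("Anonymous Tor Connection"): internal source IP -> destination IP found
         in a 'Tor nodes' reference set.
Rule 2 (brute force): repeated Windows failed logons (Event ID 4625) from one
         source inside a sliding time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Reference set of blacklisted Tor node IPs. Constructed placeholder values
# (TEST-NET ranges) standing in for a real threat-intel feed.
TOR_NODES = {"203.0.113.10", "198.51.100.77"}

# Assumed internal address space for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def anonymous_tor_connection(events):
    """Return events where an internal source connects to a Tor reference-set IP."""
    return [e for e in events
            if e.get("dst_ip") in TOR_NODES and is_internal(e["src_ip"])]


def brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Return source IPs with >= threshold Event ID 4625 failures inside `window`."""
    failures = defaultdict(list)
    for e in events:
        if e.get("event_id") == 4625:
            failures[e["src_ip"]].append(e["time"])
    offenders = set()
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                offenders.add(src)
                break
    return offenders


T0 = datetime(2024, 1, 1, 9, 0, 0)

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"src_ip": "10.1.2.3", "dst_ip": "203.0.113.10", "time": T0},   # internal -> Tor
    {"src_ip": "10.1.2.4", "dst_ip": "93.184.216.34", "time": T0},  # ordinary web
    {"src_ip": "198.51.100.77", "dst_ip": "10.1.2.5", "time": T0},  # inbound, not flagged
] + [
    # six failures ten seconds apart: exceeds the threshold inside one window
    {"src_ip": "10.9.9.9", "dst_ip": "10.0.0.1", "event_id": 4625,
     "time": T0 + timedelta(seconds=10 * i)} for i in range(6)
] + [
    # six failures ten minutes apart: never five within five minutes
    {"src_ip": "10.8.8.8", "dst_ip": "10.0.0.1", "event_id": 4625,
     "time": T0 + timedelta(minutes=10 * i)} for i in range(6)
]

if __name__ == "__main__":
    print("Tor connections:", anonymous_tor_connection(SAMPLE_EVENTS))
    print("Brute-force sources:", brute_force(SAMPLE_EVENTS))
```

The inbound event from a Tor node is deliberately not matched: the reviewer's rule keys on the destination IP from an internal source, so traffic in the other direction would need its own rule. The sliding window shows why a plain count of 4625 events is not enough; the spread-out failures from the second host never trigger.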
Mauricio Campiglia
CTO at Sabyk

We use IBM Security QRadar to monitor, and it's our main source of information. It's our main SIEM platform for our SOC, and we've collected everything on that platform.

We don't use IBM Security QRadar's Risk Manager; mainly, it was our main tool to collect information and conduct some analytics on logs and events. That's the primary use case we've been utilizing.

Francisco JavierRomo
Strategic Account Executive at a computer software company with 51-200 employees

In IBM Security QRadar, I used to work for a company that wanted to implement AI, generative AI, to help financials and banks improve their process of software development, including testing for their tools and all the releases they are doing for the improvements of the applications of software on the cloud.

Abhimanyu Das
Senior Associate at a tech vendor with 10,001+ employees

I use IBM Security QRadar to collect logs, analyze them, and share details. When I began investigating incidents and working with the SOC team, I was using IBM Security QRadar.

Jwal Patel
Cyber Security Intern at a retailer with 1,001-5,000 employees

For incident investigating, IBM Security QRadar is used for logs and management. We get all the traffic from there, which gets logged in our system, and then we investigate it.

reviewer2795490
Implementation at a comms service provider with 11-50 employees

IBM Security QRadar is primarily used for orchestration, automation, and incident response in my environment.

I use IBM Security QRadar for automation and incident response through a phishing mail playbook, where an employee sends a malicious phishing email to the SOAR inbox, and SOAR automatically generates an incident based on that email. After the incident is generated, we have created an advanced playbook that analyzes and scans the incident artifacts, extracting malicious elements in the notes. Following the identification of malicious content, another playbook sends an email notification about the findings and integrates with firewalls to automatically block the IOCs identified in the email. This is one of several playbooks we have developed.

Regarding my main use case for IBM Security QRadar, I have used most of IBM Security QRadar by integrating it with IBM Security QRadar SIEM, consolidating many IBM Security QRadar SIEM alerts in IBM Security QRadar SOAR. We have created incident types for each IBM Security QRadar alert and handle each incident carefully in IBM Security QRadar SOAR, automating incidents at an advanced level, including the use of a custom SOAR SDK to develop a custom SOAR application to meet client requirements. We have leveraged the potential of IBM Security QRadar SOAR.

Md. Shahriar Hussain
Information Security Analyst at Banglalink

I use it daily because it's shared as a log alert, and we have a security operations center. Every now and then, and almost every day, there are some alerts. I utilize it every day, twenty-four by seven, as you can see.

Hamdi Gomaa
Cyber Security (SOC Analyst) at CORELIA

My main use case for IBM Security QRadar is its good features which create an offense or trigger an offense. This offense has a description and contains many events with sensitive or helpful information about the offense. My daily activity as a SOC analyst L1 is to ensure if the offense is legitimate, if it is truly a suspicious or malicious offense, or a false positive. After that, I create a ticket to close it and determine if it is suspicious or not. If I need to conduct more investigation and delegate the ticket further, I escalate it to SOC L2 or the SOC Manager to take additional activities or conduct more investigation about it.

VuralSanal
Network and Security Architect at Deutsche Telekom

I have experience with SIEM solutions, one of which is Microsoft Sentinel. I often confuse the names, but I mean Sentinel. I also have experience with QRadar. In the past, I worked with Elasticsearch. I have generally configured some integrations, for example, between QRadar and other production environments for sending custom logs, though not all of them. I have been doing this for about two to three years. Usually, devices do not send CF in syslog or CS format logs, so we often troubleshoot on a Vural collector. Sometimes a device does not send the packet to a local collector, and we troubleshoot from the local collector's side. My colleagues and I generally use this management for production. I have integrated some network and security devices to send logs. In Turkey, there are regulations by the government that require collecting Internet traffic from VDS users. We need encryption on each log on QRadar. I focus on setting up this configuration. Our customers use Cisco StealthWatch, formerly known as NDR solutions, and we integrated these logs with QRadar and StealthWatch because we prefer not using all of them on NDR solutions. We send specific logs from StealthWatch. This integration is basic, not advanced, though there are some easy API integrations for communication between devices.

Maaz Khalid
Manager SOC at Rewterz

I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.

JanHoužvička
Architect of Cybersecurity at ASSIST - Software Services

I am using QRadar, like a standard SIEM, for security monitoring of information systems.

reviewer1370832
Sales Manager at a financial services firm with 10,001+ employees

Our primary use case was for compliance audits. We mainly used it for compliance purposes.

SaiKrishna2
Cyber Security Engineer at Diyar United Company

We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.

reviewer1827399
Executive Vice President at a computer software company with 11-50 employees

Basically, it is a product that serves as a SIEM solution, and its main competitor is Splunk. Splunk and IBM are lookalike tools. IBM Security QRadar hosts a panel where you can feed just about anything you can think of in terms of electronics as it relates to security, along with other elements of infrastructure. The tool provides notification of events.

Muluken Mekonene
Network Engineer at Insa

I’m working with the on-prem version of IBM Security QRadar. We initially deployed it with the help of IBM’s professional services for a client, but now we handle deployments ourselves. The process is quite straightforward for us because we gained knowledge from our first implementation and used the available documentation. Deployment takes a couple of hours the first time, including configuration and integration with third-party devices. I usually work with a colleague, so two people handle the deployment. Our environment is well-suited for this, and we’re using it on a virtual appliance. The experience has been smooth and efficient.

We are promoting QRadar to various financial institutions, including banks and microfinances, as a superior option compared to other vendors like Fortinet. While some institutions are using other solutions, we are encouraging them to switch to QRadar for better security.

Anto Sebastin
Technical Presales Engineer at Redington India Limited

The product is a threat detection and response solution. It is useful for consultants or security analysts. It is an incident management tool.

MUHAMMADNADEEM1
Deputy Director at Board Of Revenue

As a security professional, I rely on IBM Security QRadar for a variety of use cases tailored to our security needs. With over 200 implemented, these range from real-time threat detection and incident response to compliance reporting and user behavior analytics.

Frank Eargle
Information Security Engineer at Glasshouse Systems

I've got use cases where we monitor positive controls wherein something doesn't allow something to happen. It alarms when somebody changes the control.

reviewer2518323
Analyst at a hospitality company with 10,001+ employees

We use the product to customize rules and detect malicious behavior. 

Ayoub Jaaouani
Solutions Architect at Smarttech247

We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.

reviewer1886673
Director of Incident Response at a retailer with 10,001+ employees

The UBA component is something that is there. However, it's something that honestly hasn't been leveraged as much. It's probably not a UBA feature like the ones we’ve used in the past. In any case, the UBA feature is there. You can look at the users and look at any risky activity or use cases. I tend to look at it. However, it's not my main source in terms of leveraging it as a UBA.

Kjell Morkeng
Head of Cyber security analysis at DNV Poland Sp. z o.o.

We analyze all our authentication traffic in QRadar UBA using the solution's AI module to detect and understand uncommon authentication patterns. There is also the rule logic, but we don't use that much. Instead, we mostly rely on AI to do that. In that respect, I wouldn't say we are using the product to the fullest extent because we only have the AI and what the CM is providing. We have a suite of security products, and QRadar UBA is only one source of information that we rely on.

QRadar UBA collects information on 16,000 employees in the company, including when they log in and out or when they launch applications. We have a team of 10 security analysts who go into the solution to check the alarms. IBM has set the solution up so that we only need to react to the alarms. The UBA will flag it if someone does something weird, and our security team will investigate the anomaly to see if that was valid or malicious. 

We are currently on QRoC — short for QRadar for Cloud — so it's the latest and greatest solution. It was originally on a private cloud, but we moved to the public cloud three years ago.

Artur Marzano
Security Analyst at Localiza

Currently, our main use case for IBM QRadar User Behavior Analytics revolves around investigating user activity: specific user activity which we find suspicious. We don't monitor the dashboard of IBM QRadar User Behavior Analytics actively, but whenever we have an alert from other tools, we use it to check whether the user has triggered rules in our SIEM, whether the risk score is high, and other suspicious behaviors we can track.

Elshaday Gelaye
Lead Technical Architect at Commercial Bank of Ethiopia

We use QRadar to collect logs and monitor user activity and traffic from one network to another. The SOC team is in a room watching the logs from the tool live most of the time. 

QRadar monitors all internet activity and the output of every device configured to send a log. All traffic from various networking devices passes through the QRadar servers, and we can view it live.

We have two data centers, and QRadar is deployed in one. It comes with two physical appliances to allow failover capability. There's a management interface that binds them together, and we set up an interface for each device connected to the network that sends a log.  

reviewer2303580
Head of Cybersecurity at a computer software company with 51-200 employees

I use IBM Security QRadar in my company as it provides features like SIEM, SOAR, and QNI.

Mejda Guizani
IT Security Administrator at Zitouna Bank

I use IBM Security QRadar in my company for authentication of users and to block the access of a user to the internet. In my company, we have only used the basic version of the solution, and currently, we don't have a license for the product since we didn't renew it. The basic version of the solution fits my company's basic requirements.

Mohamed Elprince
SOC Manager at ALEXBANK

Our primary use case is in the banking industry in two banks here in Egypt. We generally are monitoring the user behavior of the employees, for example, working after working hours and signing into the machines after working hours.

James Riffenburg
Principal Cybersecurity Consultant (Architecture, Engineering, Operations) CISO VCISO at a financial services firm with 10,001+ employees

The primary use case of this solution is to help customize the workflows and dashboards for our clients in a secure manner.

reviewer1974018
Technical Analyst at a manufacturing company with 10,001+ employees

Our company includes 20 senior engineers and analysts who use the solution to detect viruses on Windows servers and critical assets.

We also track user activity such as connections during travel. 

We have many use cases and playbooks in our portfolio. 

Jacob_Koithra
Project & Program manager at Shell Grp

We use the blocking mode and spam mode for the IPS (XGS 5000 series) and QRadar as a SIEM solution for logging and monitoring network security, security analysis, and monitoring for network-related attacks.

The playbook is defined with identified use cases. The IPS acted inline with the firewall. It helped to track and sniff the packets and match the details. It helped to reduce insider and outsider attacks. The traffic is analyzed and helps users to know the patterns, the access levels in the network, and the resources being used.

it_user1279056
Senior Marketing Specialist II at Harman International

Currently, we are using only Amazon Web Services for monitoring. We have CloudTrail, GuardDuty, Avast, and some Kubernetes security we have installed on Amazon AWS. By getting these logs, we have created the uses for these components.

Chetankumar Savalagimath
Delivery Manager at a tech services company with 1,001-5,000 employees

We are a product-based organization. We use this solution for a shared SOC service and security audits and compliance.

CesarMolloja Rodas
Information Security Manager at a financial services firm with 1,001-5,000 employees

My use case for IBM QRadar User Behavior Analytics is to consolidate all the logs and events from a different tool so that I can see the alerts from that other tool on the dashboard.

My company connects the Windows event logs to the Xfinity router deployed on the main server, but I have to make some configurations to detect activities.

My team is working on reinforcing IBM QRadar User Behavior Analytics features since the solution has not been used for a while because there's a new generation of engineers in my company. My team has to reconfigure almost every screen, including IBM QRadar User Behavior Analytics.

Yaw Agyare
Manager at Volta River Authority

Our primary use case for the solution is providing visibility for what occurs in our security system and IT assets. So all our event logs and information from a setting and criticality level go there. Additionally, there's AI used to trigger alerts when things are going bad, and then we can action them.

JohnTamakloe
Solutions Architect at ostec

We are using it for visibility and compliance.

Ertugrul Akbas
Manager at ANET

We are mainly using predefined rules on IBM QRadar User Behavior Analytics.

willie.Na.
System Engineer at Trans Business Machines Ltd

Our primary use case is logging for any anomalous traffic in terms of access times and deviations when users are in different groups within the AD. When a user deviates from their functionality, it's flagged in the UBA and for VPN traffic. I also use it for geolocation functionality. We are partners of IBM and I'm a system engineer. 

reviewer1789347
Manager SOC at a comms service provider with 10,001+ employees

I'm an administrator. I have been leading the security operation center for the past four years. I have more than 12 members or SOC analysts for our 24/7 operations. I have been pitching the solutions to multiple customers, and I have also designed, implemented, and administered customer projects and completed them at the specified timeline.

We have many use cases. The most common use cases are related to insights into any threats from the inside and outside. I have also configured X-Force with QRadar, and we are getting all the feeds showing malware-based IPs, etc. I also have designed some anomaly-based rules in case anyone has logged in from outside Pakistan. Most of the rules are custom-based.

Muhammad Tayyab
IT Solutions Product Manager at a computer software company with 11-50 employees

I am a Product Manager. I am managing the inventory and the logs. For R&D purposes, we downloaded various SIEM solutions from the internet to analyze their performance, and QRadar was one of them. I downloaded the Community Edition of QRadar to check its capabilities and see how to integrate various log sources in our network. It is in my lab, and I have tested it with a few hardware devices and a few computers and servers.

Berik Sultanbekov
CS engineer at AYACOM

We are using mixed solutions. We are currently working with IBM solutions and Azure system services. We are using two SIEM solutions: Azure Sentinel and QRadar. Azure Sentinel is covering our cloud-based solutions, and QRadar is covering our on-premise solutions.

Ashok KumarLokhande
Cyber Security Consultant at raf

QRadar is our SIEM solution. Our use cases include authentication between logins, database security, monitoring, and user behavior analytics.

chieftec1015569
Chief Technology Officer at a tech services company with 51-200 employees

We are users and implementers of this solution. 

David Bosomworth
Security Sales Consultant at Google, LLC

I was initially a reseller before selling the solution from within IBM. I'm currently a freelance security sales consultant. 

Simon Thornton
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees

We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.

reviewer1609413
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees

The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. 

What else? I mean, you're always looking for threats. Usually, whoever buys this SIEM solution, or buys QRadar, for example, is looking for hidden threats, and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information they can get out of those logs, or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing. Others might use it to understand the system and how it's performing overall. However, that's the lesser use case.

Jentle Mathew
Sr. Network Engineer at NTT Security

We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.

I am not certain which version we are using. 

There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic. 

Syed Hammad Shafiq
Information Security Manager at a tech services company with 1,001-5,000 employees

There are many use cases for this solution. One example is that we are using this solution to monitor user site access to banned sites.

reviewer1106787
Works

We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well.

The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. 

Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared. 

ChrisMcAndrew
Security Operations Manager at a comms service provider with 501-1,000 employees

We mostly use the product for PCI compliance.

Ravi-Upadhyay
Founder at Inspira Enterprise

We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up.

Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.

Andris Soroka
Co-owner and CEO at Data Security Solutions

I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.

Abbasi Poonawala
Chief Enterprise Architect at Alinma Bank

It is used to dive deep into threat analysis. It is a SIEM solution that can be hooked up with some of the endpoint security or threat discovery solutions such as Forescout, Qualys, Sophos, and MDM. After the endpoint security or threat discovery solution discovers the threat, QRadar takes it further from that point onwards and allows you to go deep into the threat analysis. It has a lot of integrations, such as with CMDB, and it can do the asset classification. It can also tell the CVSS score. These are the capabilities or use cases. 

reviewer1318914
Information Security Specialist at a comms service provider with 501-1,000 employees

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows and UNIX servers. It's a lot. There's a ton of use cases. I really can't think right now about every single use case; however, the main things are authentication and network-related systems and all flavors of UNIX and Windows.

Artur Marzano
Security Analyst at Localiza

We use this solution for deploying and integrating log sources and use cases.

We use it to generate offenses based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions.

We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments.

Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the security teams use it.

reviewer2284569
Manager at a financial services firm with 5,001-10,000 employees

The tool helps with infrastructure, application, and network monitoring. 

Yegor Skrynnyk
IT Specialist at IT Specialist LLC

Our clients who are implementing or trying to implement a Security Operations Center use the IBM QRadar SIEM solution. This solution helps automate incident processing and provides visibility into the incident management process.

Khalid Majeed
Cyber Security Consultant at Software Productivity Strategists, Inc. (SPS)

We are implementers and implement this solution for our clients, who use it for analytics.

Farid Lalayev
Cyber Security Student at Baku Higher Oil School

We are using IBM QRadar for log reviews, particularly logs that come and go from the IPS, firewall, etc.

We have different dashboards for different technologies such as our firewall, IPS, and domains for our main website, so we use IBM QRadar to observe the logs from our website, and we try to make internal and external connections for better domain security.

Ahmed Hossam
SOC Analyst Tier 2 at IP Protocol INC

First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.

reviewer1846212
IM Operations Manager at a tech services company with 1,001-5,000 employees

IBM QRadar Advisor with Watson is aligned with what's happening in the public space in terms of the phishing attacks that we are seeing prevalent in the market. In the campaigns in which hackers are trying to obtain information, the use cases are very practical. The solution offers quite a bit of protection.

reviewer1305144
Technical Presales at a tech services company with 1,001-5,000 employees

I am an integrator of this solution, my customers use this as a SIEM solution for log management.

Kamal Abdelrahman
Country Manager at a tech services company with 11-50 employees

IBM QRadar User Behavior Analytics has a dedicated application for user behavior analytics and must be installed separately on an application server. It is valuable if you created the setup for the use cases. It needs additional customization to have a good value. You will have to point the solution to the suitable data sources that will feed the user analytics in a good manner. You will have good user behavior analytics, based on the created use cases.

reviewer1136397
Team Lead - Information Security at a computer software company with 10,001+ employees

The use cases that are widely used across the globe are related to ransomware, phishing, lateral movement, et cetera.

UzairKhan
Business General Manager at Mutex Systems

We are a solution provider and QRadar is one of the products that we implement for our customers.

The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version.

The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls.

Endpoints are not included for most of the clients.

reviewer1022949
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees

I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well.

These organizations use the tool for monitoring their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater to advanced threats.

View full review »
Gian Michele Roletto
SOC Manager at Nais Srl

IBM QRadar is used to help our customers collect information. It collects the information from other tools: the firewall, network devices, and cyber tools such as Carbon Black, Cortex, Cynet, and Darktrace.

View full review »
reviewer1026825
Certified AIX I.T Manager at a financial services firm with 10,001+ employees

We primarily use QRadar for monitoring and preparing use cases. 

This solution is deployed on-prem. 

View full review »
reviewer952638
Information Security Leader at a computer software company with 1,001-5,000 employees

We use IBM QRadar for user behavior analytics and incident handling.

View full review »
it_user1721769
Assistant Engineer at Harel Mallac Technologies Ltd

I use IBM QRadar for user behavior analytics, and mostly incident handling.

View full review »
Kamal Abdelrahman
Country Manager at a tech services company with 11-50 employees

It is the main tool for this operations center for collecting events from different devices, whether servers or network devices such as switches and routers. It handles anything related to data that can be harmful from a security point of view. Those events can be mapped to promote a threat; it creates another event for promoted threats.

We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

View full review »
Joao Manso
CEO at a tech services company with 11-50 employees

We use this solution both in our company and those of our clients. We are resellers of QRadar. 

View full review »
Johan Wibisono
Solution Security Architect at PT. Sinergy Informasi Pratama

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

View full review »
reviewer594315
Assistant IT Manager at an insurance company with 1,001-5,000 employees

I use QRadar for cybersecurity defense, operations, and to improve performance.

View full review »
reviewer1665357
IT Security Manager at a tech services company with 201-500 employees

Our primary use case is for monitoring global infrastructure.

View full review »
reviewer1598412
Management Executive at a security firm with 11-50 employees

We primarily use the solution for breach management. We use it for identifying rogue IPs and picking up anomalies in terms of the network traffic coming in. We've seen a year of use cases in terms of breach management and incident management. We find IBM QRadar quite relevant in terms of protecting against potential malicious traffic coming into your organization. 

Obviously, it has evolved, and where we're utilizing IBM QRadar is to do other analytical capabilities, which include identity and access management. We've got a unique way where we use the platform to generate a view of all your identities and the access that is granted within your environment and so forth. We are able to map that using IBM QRadar, which is not a use case that is normally thought about; however, we found from an analytical point of view that this is what we can do because we get all the information we need here.

View full review »
reviewer1610610
Network Security Engineer at a computer software company with 51-200 employees

We are using IBM QRadar for threat protection and management.

View full review »
reviewer1388217
Analyst at a tech services company with 501-1,000 employees

We use IBM QRadar to monitor security logs across the network.

View full review »
Olakanmi Oluwole
Cyber threat Intelligence Manager at CyberLab Africa

We use IBM QRadar for threat protection.

View full review »
reviewer1348482
Practice Head at a tech services company with 51-200 employees

We have a POC environment but have not onboarded it to any of our clients.

View full review »
VijayKumar4
AVP - Cyber Security at Cloud4C Services

We are using the current version.

View full review »
Oscar Orellana
Founder at a university with 11-50 employees

This product helps to build a strong architecture, which is important to avoid problems.

View full review »
it_user1607811
Founder at Halainfosec

We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, and how competitive it is with other tools such as DarkTrace and Palo Alto.

We are working with this solution, but it is being managed by another vendor.

We are service providers. We are providing SOC service and MSSP services for our clients. 

We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.

View full review »
reviewer1590123
Senior Security Engineer at a wholesaler/distributor with 10,001+ employees

This is a Security Information and Event Management (SIEM) solution and we use it for many purposes.

View full review »
reviewer1584831
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees

We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. 

Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

View full review »
reviewer1518060
SOC Team Lead at a financial services firm with 1,001-5,000 employees

Depending on the organization's needs, the solution can monitor different types of security through logs.

View full review »
reviewer1520922
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

We are a service provider and we are providing the solution as a managed service for multitenancy security.

View full review »
reviewer1216545
Cybersecurity Business Development Manager at a comms service provider with 10,001+ employees

I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution; they have chosen to correlate the logs. We have a SOC, Security Operation Center, in Brazil with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries.

View full review »
reviewer1501230
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees

We are using QRadar as a managed service.

View full review »
SuhailWagle
Cyber Security Consultant at Gulf Business Machines

We primarily use the solution for log collection and security incidents as well as event management.

View full review »
reviewer1488321
Managed Security Product at a comms service provider with 1,001-5,000 employees

IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.

View full review »
AndyChan3
General manager at a tech services company with 201-500 employees

We used this product as a SIEM, for information security.

View full review »
Md Saiful Hyder
AGM, Enterprise Solutions at Omgea Exim Ltd

We primarily use the solution for some compliance, including military compliance such as PCI DSS, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the logs and events, and then build and create some rules to put forward.

View full review »
reviewer1477878
Director of Information Security at a financial services firm with 501-1,000 employees

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

View full review »
Francis Chapet
R&D Design Engineer at DOGA

We primarily use the solution to develop software for some device controllers.

View full review »
reviewer1349439
IT Security Analyst at a manufacturing company with 10,001+ employees

We have a lot of use cases with IBM QRadar, but our primary use is for monitoring traffic and detecting tricks.

View full review »
Kashif-Jamil
CEO at Xcelliti

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.

We are also selling this product.

View full review »
it_user1369023
Senior Manager Information Security at Conduent (formerly Xerox Services)

We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar.

The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.

View full review »
reviewer1168407
Sr. Information Security Analyst at an insurance company with 51-200 employees

The primary use case of this solution is for monitoring the network.

View full review »
reviewer1382016
Pre-Sale Consultant (Technical) at a tech services company with 51-200 employees

We are a system integrator and IBM QRadar is one of the security and monitoring products that we implement for our clients. It is used for monitoring applications such as Windows virtual desktop access (VDA) and computer-managed instruction (CMI).

View full review »
reviewer1385793
Queretaro at a tech services company with 1-10 employees

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

View full review »
Muhammad Moqeet
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel

This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user that has not used the service for a long time and then all of a sudden, somebody logs in one night. This is not normal and the system will detect it. This is just one example of many use cases.

View full review »
Dmytro Petrashchuk
CTO at IT Specialist LLC

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

View full review »
Jamal Uddin Shaikh
Cybersecurity Architecture and Technology Lead at a tech company with 51-200 employees

Find the malicious activity via filters; don't rely on the rules which trigger the offenses, and fix the suspicious activities.

View full review »
it_user1379427
Application Security Architect at Bank Al Habib Limited

Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are logins from the same IDs but from different locations; this is one use case. Or if MAC addresses keep changing; this is another use case. Lastly, if the risk level is high, like with different IPs. These are the three use cases we have.

View full review »
WiseCat
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees

The first thing that we implemented for user behavior was to find out whether somebody is logging in at odd hours. It studies user behavior.

View full review »
it_user1365630
Deputy General Manager - Network Security at a tech services company with 201-500 employees

We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.

View full review »
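Several reviewers above describe the same user-behavior use cases: an account that has been dormant suddenly logging in one night, the same ID logging in from different locations, logins at odd hours, and baselining user activity so that deviations stand out. The block below is an added example, not QRadar's UBA app and not any reviewer's code; it runs those three checks over a constructed set of login events. The event tuples, the coarse location labels, the one-hour window, the 30-day dormancy threshold and the two-hour tolerance are all assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real logs): timestamp, user, source IP,
# coarse location label, outcome. In a SIEM these fields would come from the
# normalised authentication events it already holds.
EVENTS = [
    ("2024-03-01 09:02:00", "alice", "10.1.1.5",     "HQ",     "success"),
    ("2024-03-02 09:10:00", "alice", "10.1.1.5",     "HQ",     "success"),
    ("2024-03-03 08:55:00", "alice", "10.1.1.5",     "HQ",     "success"),
    ("2024-03-04 03:14:00", "alice", "10.1.1.5",     "HQ",     "success"),  # 3 am, unlike her baseline
    ("2024-03-04 09:00:00", "bob",   "10.1.2.9",     "HQ",     "success"),
    ("2024-03-04 09:20:00", "bob",   "203.0.113.7",  "Remote", "success"),  # second location 20 min later
    ("2024-03-04 09:25:00", "bob",   "203.0.113.7",  "Remote", "failure"),  # failures are ignored here
    ("2024-01-05 10:00:00", "carol", "10.1.3.3",     "HQ",     "success"),
    ("2024-03-04 23:40:00", "carol", "198.51.100.2", "Remote", "success"),  # first login in ~2 months
]


def parse_events(rows):
    """Turn the raw tuples into dicts, keep successful logins only, sort by time."""
    parsed = [
        {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "user": user,
         "ip": ip, "location": loc, "outcome": outcome}
        for ts, user, ip, loc, outcome in rows
    ]
    return sorted((e for e in parsed if e["outcome"] == "success"), key=lambda e: e["ts"])


def _hour_distance(a, b):
    """Distance between two hours of the day on a 24-hour circle (23 and 1 are 2 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def odd_hour_logins(events, min_history=2, tolerance=2):
    """Flag a login whose hour is far from every hour the same user logged in at before.
    The baseline is built per user from that user's earlier successful logins, so a
    user with fewer than `min_history` prior logins is never flagged."""
    history = defaultdict(list)
    flagged = []
    for ev in events:
        hours = history[ev["user"]]
        if len(hours) >= min_history and all(_hour_distance(ev["ts"].hour, h) > tolerance for h in hours):
            flagged.append(ev)
        hours.append(ev["ts"].hour)
    return flagged


def multi_location_logins(events, window=timedelta(hours=1)):
    """Flag the same account logging in from two different locations within `window`."""
    last = {}
    flagged = []
    for ev in events:
        prev = last.get(ev["user"])
        if prev and prev["location"] != ev["location"] and ev["ts"] - prev["ts"] <= window:
            flagged.append(ev)
        last[ev["user"]] = ev
    return flagged


def dormant_account_logins(events, dormant=timedelta(days=30)):
    """Flag a login on an account whose previous successful login is older than `dormant`."""
    last_seen = {}
    flagged = []
    for ev in events:
        prev = last_seen.get(ev["user"])
        if prev is not None and ev["ts"] - prev > dormant:
            flagged.append(ev)
        last_seen[ev["user"]] = ev["ts"]
    return flagged


def detect(rows=EVENTS):
    """Run all three checks and return {check: [(user, timestamp), ...]}."""
    events = parse_events(rows)

    def summarise(hits):
        return [(e["user"], e["ts"].strftime("%Y-%m-%d %H:%M")) for e in hits]

    return {
        "odd_hour": summarise(odd_hour_logins(events)),
        "multi_location": summarise(multi_location_logins(events)),
        "dormant_account": summarise(dormant_account_logins(events)),
    }


if __name__ == "__main__":
    for check, hits in detect().items():
        print(f"{check}: {hits}")
```

In production the baseline comes from weeks of history rather than a handful of events, and the location would be derived from the source IP (office subnet, VPN pool, geolocation) instead of a hand-written label; the comparisons are the same. The multi-location check compares each login only with the user's previous one, so an account that keeps alternating between two sites alerts on every switch, which is the behaviour the reviewers describe wanting to see.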
reviewer1342335
Principal Security Architect at a computer software company with 10,001+ employees

Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.

View full review »
Daniel Sichel
Works at a healthcare company with 5,001-10,000 employees

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

View full review »
reviewer916710
Information Security Manager at a comms service provider with 1,001-5,000 employees

We are a telecom company, and we use it for IT systems, for telecom systems, and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.

View full review »
Vik Solem
President, Consultant, Trainer at MEI Security

We use this solution for log correlation and alerting.

View full review »
Larbi Belmiloud
Security Engineer at a tech services company with 11-50 employees

The primary use of the solution in our deployment was for threat detection. 

View full review »
chieftec1015569
Chief Technology Officer at a tech services company with 51-200 employees

We are a cybersecurity service provider, and I manage the QRadar service for my customers.

View full review »
QRadar677
IT Security Manager at an energy/utilities company with 10,001+ employees

Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.

View full review »
MohamedAfeilal
General Manager at New System Engineering

We are a partner and provide this solution to our customers.

View full review »
Marketdir9846
Marketing Director at an aerospace/defense firm with 1-10 employees

We don't have a business relationship with IBM QRadar, our relationship is a customer relationship. We use IBM QRadar as our primary security solution.

View full review »
Cyberspec67
Cyber Security Specialist at AEC

We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.

View full review »
it_user744012
Technical Consultant at activedge

I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.

View full review »
BALA
Program Manager at a tech services company with 1-10 employees

Our primary use case for this solution is compliance. 

View full review »
it_user956985
Sr. Security Engineer at OmnitechIT

Our primary use case for this solution is for the management of our security services and our NOC (Network Operations Center) services.

View full review »
Dameer Siddiqui
Works at a tech services company with 11-50 employees

We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.

View full review »
it_user970365
Cybersecurity Practice Lead at a tech services company with 201-500 employees

We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.

View full review »
Vulnera08667
Vulnerability Manager at a tech services company with 51-200 employees

Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.

View full review »
it_user984276
Senior Analyst at a tech services company with 201-500 employees

The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.

View full review »
Nimesh Bhatia
IT Security and Business Development Manager at a computer software company with 51-200 employees

Our primary use case is for security. We use it to make sure that the data that is being transferred from one company to the other is being done securely.

View full review »
Dr Trust Tshepo Mapoka
Senior Cybersecurity Consultant at CIA Botswana

Our primary use case is for security analytics. We do investigation and security analytics, so we collect events, and after collecting events we give positive security analytics to clients.

View full review »
it_user797751
Security Consultant at Varutra Consulting

We use it to detect security incidents.

View full review »
D.M.Hashim-Ul- Alom
Senior Server Security Engineer at a consultancy with 11-50 employees

Our primary use case of this solution is to identify threats. 

View full review »
Yong Chen
Security Consultant at a tech services company with 11-50 employees

I use it to analyze incidents. 

View full review »
it_user745422
Senior Field Manager at a security firm with 11-50 employees

It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution. 

View full review »
it_user841053
Cyber Security Team Leader at a tech services company with 501-1,000 employees

Our primary use case of this solution is for our customer's operations. 

View full review »
reviewer774660
Manager-Cloud Security Operations at a retailer with 10,001+ employees

The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it. 

View full review »
it_user927267
Senior Security Architect at a tech services company with 10,001+ employees

My primary use case is for security monitoring. We activated freeze, proxy and firewalls and we collect data from them. We receive alerts and customize that according to our customer environments.

View full review »
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

My primary use case for this solution is to monitor security events in our cloud environment.

View full review »
it_user923115
Cloud Security Architect at Nordcloud Oy

It is under a non-disclosure agreement (NDA).

View full review »
it_user925365
General Manager at Global Solutions Services
  • CRM and billing system
  • 100 multiple technology servers: Windows AD, Linux, HP-UX, etc.
  • 40 firewall multiple routers 
  • Cisco Nexus switches
View full review »
Srijan-Sivakumar
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd

Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. 

This solution is performing well.

View full review »
it_user398799
Sr. Security Analyst with 1,001-5,000 employees

In recent years, our focus has been the third-party integrations. Like most companies, we have several security products. (I hope most other companies are not relying on a single product). The challenge with a SIEM is taking the data produced by a log source and presenting it in a readable manner for technical and non-technical staff. That can be done with custom-built reports or in dashboards. With the IBM Security App Exchange you add a new extension (i.e. download from the App Exchange site) and configure it.

View full review »
Luis Yndigoyen
Partner at a tech services company with 1-10 employees
  • Origination process in banks.
  • Insurance claims on insurance companies.
View full review »
FarhanAli
Security Analyst at a security firm with 11-50 employees

SIEM solutions must be business driven. Utilizing a SIEM solution depends on your enterprise goals, from meeting compliance requirements to implementing security controls and identifying the absence of controls. A SIEM solution can also be used to improve your business and increase your sales. With QRadar, you can do all these, even if you are not a security expert. It comes with a set of default rules which makes your life easier, from ransomware attacks to DDoS attacks. Everything can be detected if your logs are properly integrated into QRadar.

It gets better with extensions and other rules you install from the IBM Security App Exchange, where you can detect malicious website access (with the intent of ransomware), P2P activity, or someone spamming everything. You can be notified, then you can run scripts to make QRadar take an action. 

I am a security analyst working with QRadar.

View full review »
Daniel Christian
Operations Analyst at a logistics company with 51-200 employees

I used the IBM QRadar product from 2015 until 2017.

View full review »
Mathieu Dorckel
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees

My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar.

I have been using the product for three years now. I used it for six months at an internship to PoC some different SIEMs and for two and a half years as an administrator. Now, I am using it as an architect.

View full review »
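The reviewer above detects successful connections to botnet and malware sites by matching connection events against the X-Force feed, and an earlier reviewer describes taking syslog from firewalls and sorting the events. The block below is an added example, not QRadar's rule logic and not X-Force data: it parses a few constructed syslog-style connection lines (the key=value body format, the device names and the indicator entries are all assumptions), decodes the syslog priority into facility and severity, matches destination IPs and hostnames against a small stand-in indicator set, and separates allowed (successful) connections from denied ones, which is the distinction a "successful connection with a botnet" rule depends on.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-in for a threat-intelligence feed (not X-Force data): the
# entries a rule would keep in a reference set. Networks and single hosts mix.
BOTNET_C2 = ["198.51.100.23", "203.0.113.0/24"]
MALWARE_HOSTS = ["malware.example", "cdn.bad.example"]

# Constructed syslog-style firewall/proxy lines. The "conn:" key=value body is an
# assumed format; the <PRI> prefix and timestamp follow the classic syslog layout.
SAMPLE_LOGS = """\
<134>Mar  4 10:01:02 fw1 conn: src=10.1.1.5 dst=93.184.216.34 dport=443 action=allow host=example.com
<134>Mar  4 10:01:09 fw1 conn: src=10.1.1.5 dst=198.51.100.23 dport=443 action=allow
<134>Mar  4 10:02:15 fw1 conn: src=10.1.2.9 dst=203.0.113.77 dport=8080 action=deny
<134>Mar  4 10:03:40 proxy1 conn: src=10.1.3.3 dst=192.0.2.10 dport=80 action=allow host=cdn.bad.example
<134>Mar  4 10:04:01 fw1 conn: src=10.1.2.9 dst=203.0.113.5 dport=6667 action=allow
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) conn: "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)"
    r"(?: host=(?P<sni>\S+))?$"
)


def parse_syslog_line(line):
    """Parse one line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    pri = int(ev.pop("pri"))
    # Syslog PRI = facility * 8 + severity (RFC 3164 / RFC 5424).
    ev["facility"], ev["severity"] = pri >> 3, pri & 7
    ev["dport"] = int(ev["dport"])
    return ev


def load_indicators(c2=BOTNET_C2):
    """Pre-parse the feed entries once; keep the original string for reporting."""
    return [(ipaddress.ip_network(x, strict=False), x) for x in c2]


def match_event(ev, nets, hosts=MALWARE_HOSTS):
    """Return (indicator, kind) when the destination hits the feed, else None."""
    try:
        dst = ipaddress.ip_address(ev["dst"])
    except ValueError:
        dst = None
    if dst is not None:
        for net, raw in nets:
            if dst in net:
                return raw, "ip"
    sni = ev.get("sni")
    if sni:
        for h in hosts:
            if sni == h or sni.endswith("." + h):  # exact host or a subdomain of it
                return h, "host"
    return None


def scan(text, nets=None):
    """Run every parseable line against the indicators; return the matching events."""
    nets = nets if nets is not None else load_indicators()
    findings = []
    for line in text.splitlines():
        ev = parse_syslog_line(line)
        if ev is None:
            continue  # in production count unparsed lines instead of silently dropping them
        hit = match_event(ev, nets)
        if hit:
            findings.append({**ev, "indicator": hit[0], "kind": hit[1]})
    return findings


def successful_connections(findings):
    """Only allowed connections: a denied hit is reconnaissance, an allowed one is a live C2 channel."""
    return [f for f in findings if f["action"] == "allow"]


def by_source(findings):
    """Count hits per internal source, the view an analyst triages first."""
    return Counter(f["src"] for f in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for f in successful_connections(hits):
        print(f"{f['ts']} {f['src']} -> {f['dst']}:{f['dport']} matched {f['indicator']} ({f['kind']})")
    print("denied hits:", len(hits) - len(successful_connections(hits)))
```

The denied 203.0.113.77 connection still matters: the host 10.1.2.9 tried a feed-listed address and then later succeeded to a neighbouring one, so the per-source count pulls both together even though only the second is a confirmed successful connection.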
MazenHindawi
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees

We work with it in the banking sector. We had torrent limitations and big banks could join them. It has performed well. However, the limitation is not easy, so the product is not easy.

You cannot get the real value of the product unless you combine it with the other products from IBM, like BigFix, the full integration of Vulnerability Management, and so on. 

View full review »
Julian C.
Director, Cybersecurity at a media company with 51-200 employees

We used QRadar SIEM over Juniper Secure Analytics platform. 

The company profile is telecom. The infrastructure has a large geographical spread.

View full review »
it_user246402
Sr SIEM Consultant at a tech services company with 51-200 employees

As a PS consultant on projects where the customer is transitioning from a competitor's SIEM to QRadar, they are very pleased when they see the number of quality offenses being caught soon after implementation and integration of log sources, just from the out-of-the-box rules enabled by default.

View full review »
it_user805179
Solution Architect with 201-500 employees
  • Users' behavior analytics
  • Monitor leakage for data
  • Payment card industry compliance
  • Integration with end points management system
  • Integration with Incident Response and Ticketing System
View full review »
reviewer1593615
AVP - Security at a tech services company with 501-1,000 employees

IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.

View full review »
Buyer's Guide
IBM Security QRadar
March 2026