Buyer's Guide
Log Management
June 2022
Get our free report covering Elastic, Splunk, Graylog, and other competitors of Wazuh. Updated: June 2022.
608,713 professionals have used our research since 2012.

Read reviews of Wazuh alternatives and competitors

IT Solutions Product Manager at SMTSTECH
Real User
It is very easy to install and configure, but after restarting the server, you need to manually start some of the services
Pros and Cons
  • "What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
  • "I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."

What is our primary use case?

I am a Product Manager. I am managing the inventory and the logs. For R&D purposes, we downloaded various SIEM solutions from the internet to analyze their performance, and QRadar was one of them. I downloaded the Community Edition of QRadar to check its capabilities and see how to integrate various log sources in our network. It is in my lab, and I have tested it with a few hardware devices and a few computers and servers.

What is most valuable?

What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own.

What needs improvement?

I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. 

Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet. 

There are two types of dashboards in QRadar. One is the conventional or old one, and the other one is Pulse. The Pulse dashboard is better, but we would like to have more options in the dashboard.

Additionally, if possible, there should be a single product for SIEM and SOAR. Instead of having QRadar and Resilient separately, there should be a combined solution to benefit from both. Furthermore, there should be a built-in mechanism to configure it in the cluster mode and high availability mode.

For how long have I used the solution?

I tested this product in the last two to three months. It is not implemented in our company.

How was the initial setup?

Its installation is very simple. You can install it and configure it very easily.

Which other solutions did I evaluate?

We are looking at implementing a SIEM solution, and currently, we're comparing various commercial and open-source SIEM solutions. We have tested Wazuh, which is an open-source SIEM solution, but we have not finalized anything.

What other advice do I have?

I would rate it a seven out of 10. It is good, but when a product doesn't behave in a good manner, it creates confusion. Its behavior isn't consistent.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Operating Officer / SR. Project Manager at SCS
Real User
Top 5
A flexible, cost-effective, and reliable solution
Pros and Cons
  • "One of the most valuable features of this solution is that it is more flexible than AlienVault."
  • "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."

What is our primary use case?

We use it as a SIEM for monitoring a client's environment.

What is most valuable?

One of the most valuable features of this solution is that it is more flexible than AlienVault. 

What needs improvement?

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

For how long have I used the solution?

My company has been using this solution for two years.

What do I think about the stability of the solution?

It is a very stable solution.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and support?

The technical support is adequate.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.

How was the initial setup?

In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.

What about the implementation team?

We implemented through an in-house team and it took about two months.

What's my experience with pricing, setup cost, and licensing?

The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.

Which other solutions did I evaluate?

We evaluated several options, including Monster SIEM, Splunk, and Wazuh.

What other advice do I have?

There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.

I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.

Disclosure: I am a real user, and this review is based on my own experience and opinions.