We performed a comparison between IBM Security QRadar and Zabbix based on real PeerSpot user reviews.
"The connectivity and analytics are great."
"Sentinel pricing is good"
"We have no complaints about the features or functionality."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Vulnerability data, network data and the like, are part of correlation and detection."
"The scalability is very good. It's not a problem."
"Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
"Customer service is very good and very helpful."
"Stability-wise, I rate the solution a ten out of ten."
"The rule engine is very easy to use — very flexible."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"Search capabilities are sufficient for most tasks."
"We use it to monitor and manage our servers."
"We are able to do problem determination on runaway processes."
"It can send messages to our ticketing system."
"I really enjoy network traffic triggers that allow us to check traffic threshold from ISP."
"The solution's design has recently changed and it is visually pleasing with more color, for example, there is blue, black, and white."
"The initial setup was very quick. The first time it was long because I didn't know it yet. I was only using Windows. The first time was very difficult because of the operating system."
"It meets my organizational needs. It's pretty easy to use."
"The most valuable feature is network traffic monitoring."
"The solution could be more user-friendly; some query languages are required to operate it."
"The AI capabilities must be improved."
"The product can be improved by reducing the cost to use AI machine learning."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The solution could improve the playbooks."
"Needs better visualization options beyond the time series charts and a few other options that they have."
"In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."
"The interface is very old. IBM should remake it into a more modern interface."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"The AI engine could be smarter."
"The AQL queries could be better."
"QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one."
"I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
"The System Center Operations Manager can be improved."
"If Zabbix had a better dashboard then it would be nice."
"There are a lot of areas for improvement, specifically in the dashboards and reports functionalities."
"Zabbix technical support is sold separately."
"We would like to see the addition of automatic push functionality to this product. This would save time when monitoring our servers and networks as, at present, we have to manually install the Zabbix agent on any hardware to be monitored."
"We had some scalability issues with a large number of nodes."
"The dashboard and the graph section could be a little bit more professional."
"The user interface could be a bit better. They could update it a bit."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. IBM Security QRadar is rated 8.0, while Zabbix is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.