We performed a comparison between IBM Security QRadar and ManageEngine Log360 based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"We have no complaints about the features or functionality."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"We can easily monitor many things using this tool."
"The rule engine is very easy to use — very flexible."
"The monitoring and dashboards are great."
"It saves a lot of time. We integrate the customer's firewall with all their networking devices."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"The timeline and machine learning features are great."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"It has improved my efficiency."
"The most valuable features for us are the application logs monitoring and the dashboard, which provides a single-pane view of all the ongoing activities."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"The solution could be improved by including XDR, remediation and Sandbox."
"The deployment is quite simple and pretty straightforward."
"The Sharecon feature is the most valuable."
"The reports that you can run are really nice."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"The reporting is great. Everything you need is in the report for you already."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"They should provide more manual examples online so that I can learn it myself."
"The solution is clunky."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"The implementation and configuration are not easy."
"Integration could be better. They should make it easy to integrate with other solutions."
"The modularity could be improved."
"Most times log sheets are not assigned well."
"The solution needs to improve hub storage. It should integrate AI and ML capabilities."
"We can log in as a local user, and it's fine, but when we login with an Active Directory user, we cannot."
"It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system."
"The solution lacks some features when compared to other products."
"The matter of the data retention needs to be addressed."
"It is not expensive compared to other solutions."
"It takes a little bit of time for Log360 to actually learn your environment."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while ManageEngine Log360 is ranked 27th in Log Management with 15 reviews. IBM Security QRadar is rated 8.0, while ManageEngine Log360 is rated 7.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Splunk Enterprise Security, Fortinet FortiSIEM and SolarWinds Kiwi Syslog Server. See our IBM Security QRadar vs. ManageEngine Log360 report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best User Entity Behavior Analytics (UEBA) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.