We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The Log analytics are useful."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"We have the abilities to monitor each instance which originates on the process along with the performance of each department."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"The rule engine is very easy to use — very flexible."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"Most valuable features include the granularity of information."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The most valuable feature of Sentinel is the dashboard."
"The tool is simple to use."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"I think the number one area of improvement for Sentinel would be the cost."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The solution could improve the playbooks."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"I would like to see more AI used in processes."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"I would like to be able to monitor applications outside of the Azure Cloud."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"The dashboard is pathetic and it takes a long time to perform a search."
"GUI needs to be improved."
"AI is superb but need improvements."
"The usability of interfaces could be improved."
"The product does not have a team for investigating malware."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"IBM is going through some problems with its resources currently making its support response time slow."
"The solution does not allow outsourced authorizations."
"The dashboard and customer view should be improved"
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"I would like to see a better reporting work structure on the dashboard."
"It is an ancient product."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"I rate Sentinel a six out of ten for scalability."
"There is no integration in the web-side of the tool."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 197 reviews while Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Securonix Next-Gen SIEM, whereas Sentinel is most compared with Splunk Enterprise Security, Wazuh, Google Chronicle Suite, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our IBM Security QRadar vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.