We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The initial setup is very simple and straightforward."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The automation feature is valuable."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It's a state-of-the-art product for security information and event management (SIEM)."
"IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks."
"The flexibility is good in terms of pulling log files."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"IBM QRadar Advisor with Watson is a stable solution."
"Stability-wise, I rate the solution a ten out of ten."
"The tool is simple to use."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"It makes everything easier by automating some tasks and growing with our needs."
"The most valuable feature of Sentinel is the dashboard."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The solution should allow for a streamlined CI/CD procedure."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The solution lacks some maturity."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"The implementation and configuration are not easy."
"In a future release, the solution could provide malware analysis."
"IMB should reduce the pricing, or reduce some of the features for a more economical solution for the customer."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"With IBM Security QRadar, my company faced issues with the support we received for the product."
"I would like to see the update process simplified."
"The dashboard and customer view should be improved"
"Log source integration with Sentinel needs to be improved."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"I rate Sentinel a six out of ten for scalability."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"I would like to see a better reporting work structure on the dashboard."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"The solution does not allow outsourced authorizations."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and ArcSight Logger, whereas Sentinel is most compared with Splunk Enterprise Security, Google Chronicle Suite, Wazuh, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our IBM Security QRadar vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.