We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The machine learning and artificial intelligence on offer are great."
"The UI-based analytics are excellent."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel pricing is good"
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It has improved my efficiency."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"Most of the features are good. It is an excellent solution."
"Overall a great solution."
"IBM Security QRadar has significantly improved our incident response procedures."
"The timeline and machine learning features are great."
"We find predictive analysis capabilities valuable."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"It makes everything easier by automating some tasks and growing with our needs."
"The tool is simple to use."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature of Sentinel is the dashboard."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The playbook is a bit difficult and could be improved."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"I think the number one area of improvement for Sentinel would be the cost."
"We'd like to see more connectors."
"Technical support is good, but not great."
"The user interface is a bit clunky, a bit hard to find what you need."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"QRadar needs a lot of fine tuning"
"IBM technical support is always terrible."
"The user interface needs improvement."
"We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
"I rate Sentinel a six out of ten for scalability."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"The dashboard and customer view should be improved"
"There is no integration in the web-side of the tool."
"The solution does not allow outsourced authorizations."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"It is an ancient product."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and ArcSight Logger, whereas Sentinel is most compared with Splunk Enterprise Security, Google Chronicle Suite, Wazuh, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our IBM Security QRadar vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.