We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Log aggregation and data connectors are the most valuable features."
"It has basic out-of-the-box integrations with multiple log sources."
"The automation feature is valuable."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The connectivity and analytics are great."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"I have found its network traffic log, network bit log, and QBI most valuable."
"We can easily monitor many things using this tool."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"The simplicity of the solution is the best feature."
"There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"Improved our organization's TCO."
"It makes everything easier by automating some tasks and growing with our needs."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The tool is simple to use."
"The most valuable feature of Sentinel is the dashboard."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"The solution could improve the playbooks."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The on-prem log sources still require a lot of development."
"The reporting could be more structured."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others."
"There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"I think that the search speed of this solution could be improved."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"The product does not have a team for investigating malware."
"I rate Sentinel a six out of ten for scalability."
"Log source integration with Sentinel needs to be improved."
"It is an ancient product."
"I would like to see a better reporting work structure on the dashboard."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"There is no integration in the web-side of the tool."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 197 reviews while Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Securonix Next-Gen SIEM, whereas Sentinel is most compared with Splunk Enterprise Security, Wazuh, Google Chronicle Suite, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our IBM Security QRadar vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.