We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The UI-based analytics are excellent."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It's pretty powerful and its performance is pretty good."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The automation feature is valuable."
"Most of the features are good. It is an excellent solution."
"I have found IBM QRadar to be scalable."
"The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies."
"The tool helps with infrastructure, application, and network monitoring."
"I have found its network traffic log, network bit log, and QBI most valuable."
"We've found the solution to be scalable."
"Most valuable features include the granularity of information."
"It's built around Red Hat Linux, which is highly robust."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"It makes everything easier by automating some tasks and growing with our needs."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature of Sentinel is the dashboard."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"The reporting system could use some upgrading."
"I would like to see the update process simplified."
"It needs more resilience and functionality."
"I have noticed the interface has room for improvement."
"The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"The solution does not allow outsourced authorizations."
"It is an ancient product."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"The dashboard and customer view should be improved"
"I rate Sentinel a six out of ten for scalability."
"I would like to see a better reporting work structure on the dashboard."
"There is no integration in the web-side of the tool."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Sentinel is most compared with Splunk Enterprise Security, Google Chronicle Suite, Wazuh, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our IBM Security QRadar vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.