We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"If you know how to do KQL (Kusto Query Language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
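As an added illustration of the kind of KQL query the reviewer above refers to (this is example code written for this page, not something from the review or from Microsoft), the query below runs against the SigninLogs table that Sentinel receives from the Microsoft Entra ID (Azure AD) data connector and surfaces accounts with a burst of failed sign-ins from a single source address over the last day. The threshold of 10 failures and the 24-hour window are assumed values, not anything the page states.

```kql
// Added example, not from the original page: failed sign-in bursts per account
// and source IP over the last 24 hours, from the SigninLogs table in the
// Log Analytics workspace backing Sentinel.
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != "0"          // "0" is success; any other code is a failure
| summarize Failures  = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Codes     = make_set(ResultType)
    by UserPrincipalName, IPAddress
| where Failures >= 10             // assumed threshold; tune to the environment
| order by Failures desc
```

Run as-is in the Logs blade, or wrap it in a scheduled analytics rule so each matching row becomes an alert; the summarized columns map naturally onto entity mappings (Account, IP) in the rule definition.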
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"We have no complaints about the features or functionality."
"It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"It is a very optimized engine."
"The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM."
"There are a lot of great out-of-the-box features included."
"I like that it's easy to use and the performance is good."
"It can analyze event logs, event security, and give a good consult."
"The most valuable feature is the searching capability and real-time operational use."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"It makes everything easier by automating some tasks and growing with our needs."
"The tool is simple to use."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The most valuable feature of Sentinel is the dashboard."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"We'd like to see more connectors."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The solution should allow for a streamlined CI/CD procedure."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"The user interface needs improvement."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"The dashboard and customer view should be improved."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"It is an ancient product."
"I rate Sentinel a six out of ten for scalability."
"Log source integration with Sentinel needs to be improved."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"There is no integration in the web-side of the tool."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and ArcSight Logger, whereas Sentinel is most compared with Splunk Enterprise Security, Wazuh, Google Chronicle Suite, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our IBM Security QRadar vs. Sentinel report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.