We performed a comparison between IBM Security QRadar and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The pricing of the product is excellent."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Free ingestion for Azure logs (with E5 licence)"
"The pre-canned rules and reports in this product are a huge plus."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"It has very rich functionality."
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed the in the same way."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"It supports high availability, which is very helpful."
"The most valuable feature is the ease of use for the end user."
"It's extremely easy to deploy."
"SolarWinds Security Event Manager has been generally working well."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"The most valuable feature is the reporting."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The solution could improve the playbooks."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Sentinel's reporting is complex and can be more user-friendly."
"The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
"The threat detection needs improvement, they have many false positives."
"It's resource-intensive."
"The solution could improve by having more out-of-the-box use cases."
"The tech support is not that good."
"QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs."
"The advanced planning management (APM) features should be included."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
"SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"The company had to use a third party for the implementation of the solution."
"It is a very technical program. They can simplify it so that it isn't so hard to deal with."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
More SolarWinds Security Event Manager Pricing and Cost Advice →
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews. IBM Security QRadar is rated 8.0, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, Microsoft Defender XDR, Wazuh and LogRhythm SIEM. See our IBM Security QRadar vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.