We performed a comparison between IBM Security QRadar and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Free ingestion for Azure logs (with E5 licence)"
"It is always correlating with IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"It has basic out-of-the-box integrations with multiple log sources."
"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
"The most valuable feature would have to be the product's ability to customize vulnerability management settings."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"It is the core of our entire SOX."
"Improves visibility and has a great new dashboard."
"The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
"The most valuable feature is the searching capability and real-time operational use."
"The most valuable feature is that it provides network segregation for server monitoring."
"It's a flexible solution."
"The product is very stable."
"Zabbix can use old data up to the current data to set the threshold. We can use previous data to set the threshold."
"I have found that the reporting feature in Zabbix is most valuable. Additionally, the solution has given us bandwidth options; we are able to see where problems are. For example, we noticed a problem that occurred because of a bad interface going in the wireless VLAN."
"It meets my organizational needs. It's pretty easy to use."
"We like the user interface for this solution, which makes it an easy-to-use tool."
"Every new asset placed in the environment can be automatically detected, predicting human failures."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"There is room for improvement in entity behavior and the integration site."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"We'd also like a better ticketing system, which is older."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"QVM is another instance where they need to revise the vulnerability scoring and the proper remediation details."
"I would like the rule creation interface to be much more user-friendly in the next release."
"The advanced planning management (APM) features should be included."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"I would like to see some artificial intelligence and alternative solutions."
"Needs better visualization options beyond the time series charts and a few other options that they have."
"The graphical user interface could be customized a little bit more, and also the dashboard could be more friendly."
"The reports are not great and should be improved."
"When we have a problem, we have to do a lot of research to solve it."
"I would like to see a more flexible mobile client, and better HA out of the box."
"Correlation of events would be a wonderful addition."
"The integration of the product is not so easy, especially when it comes to the application database."
"The event correlation could be better."
"The System Center Operations Manager can be improved."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. IBM Security QRadar is rated 8.0, while Zabbix is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.