We performed a comparison between IBM Security QRadar and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Log aggregation and data connectors are the most valuable features."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The product can integrate with any device."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"I like that it's easy to use and the performance is good."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"It allows us to search data both on-premises and on the cloud."
"It has improved my efficiency."
"The feature that I have found most valuable is how it monitors the real network. That is its leading security feature."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"The template system in Zabbix is very beneficial as it saves time in configuration."
"Setup was straightforward. Initial deployment took two or three months."
"Our customers also like that they don't have to use multiple modules. Micro Focus and major vendors typically require you to buy several modules and plugins. Our customers do not like that. We offer them a single product for all their monitoring needs."
"There is a problems page that shows us every warning or problem that occurs on our VMs globally. The map screen is also really useful because this is something that was missing. I don't know every other tool in the market. So, I don't know if this is a good point of only Zabbix, or other tools are also doing it, but from my point of view, this is the most useful page that I use, along with the problems page that efficiently lists the problem, recovery time, ending hours, starting hours, and so on."
"The solution's design has recently changed and it is visually pleasing with more color, for example, there is blue, black, and white."
"It is a great product. The SNMP protocol tracking feature is good. I really like how it tracks SNMP. The alerts are also great."
"During my testing, the features that I like the most are that it can be integrated with my system, and it provides me with reports of all of my servers."
"I have found that the reporting feature in Zabbix is most valuable. Additionally, the solution has given us bandwidth options, we are able to see where problems are. For example, we noticed a problem that occurred because of a bad interface going in the wireless VLAN."
"The solution should allow for a streamlined CI/CD procedure."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"There is room for improvement in entity behavior and the integration site."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I would like to see more AI used in processes."
"I think the number one area of improvement for Sentinel would be the cost."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"From a functionality point of view there are issues sometimes."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"Technical support could be improved by a bit."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"They should provide more manual examples online so that I can learn it myself."
"The solution should include remote action capabilities."
"The graphical user interface could be customized a little bit more, and also the dashboard could be more friendly."
"Documentation terminology could be improved."
"The solution needs to add features for finding loopholes or problems and their root causes."
"As far as improvements, sometimes I get a bit frustrated when I move from a previous version to a new one because some configuration has changed—I need to investigate the documentation to deal with some configuration. But it doesn't take much time, so it's okay."
"The main problem with Zabbix is that you have to spend time writing templates for all of the products that you have."
"It should be easy to modify the front end."
"In an upcoming release, there should be automated reports which we are currently doing manually. For example, if we collect a report file every day and want to send it to a moderator for review. We are expecting this feature to come out soon but it would be valuable to have now."
"The product could be more secure and more stable."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Zabbix is ranked 1st in Network Monitoring Software with 100 reviews. IBM Security QRadar is rated 8.0, while Zabbix is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.