We performed a comparison between ClearSkies SaaS NG SIEM and IBM Security QRadar based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Log aggregation and data connectors are the most valuable features."
"The pricing of the product is excellent."
"The connectivity and analytics are great."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The correlation rules and the user platform are most valuable."
"We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"Technical support is good overall."
"The solution is flexible and easy to use."
"The threat hunting capabilities in general are great."
"It'll get you from point A to B."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"I would like to see more AI used in processes."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
"The dashboard is pathetic and it takes a long time to perform a search."
"Its architecture is very complicated."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"The AQL queries could be better."
"GUI needs to be improved."
"The user interface is a bit difficult to get used to."
"Dashboards and reports could provide better visualization of SIEM activity."
"The solution is expensive compared to other products."
Earn 20 points
ClearSkies SaaS NG SIEM is ranked 58th in Security Information and Event Management (SIEM) while IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews. ClearSkies SaaS NG SIEM is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". ClearSkies SaaS NG SIEM is most compared with , whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.