We performed a comparison between IBM Security QRadar, Splunk Enterprise Security, and Stackify based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events."
"I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
"IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"We are using the platform version, which I like."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"The most valuable aspect of the solution is the integration capabilities on offer."
"I like the graphical interface. It's so good and easy."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"I like the ease with which dashboards can be created."
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"The logs on the solution are excellent."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"There are lots of free learning materials on their website."
"It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
"Positive features include replication capabilities, software development kits, and the architecture."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"The performance dashboard and the accurate level of details are beneficial."
"The filter feature on Stackify is one of the features I found valuable. It's awesome. When I want to get the application logs, the solution gives me many filters. For example, if I want to get logs from my test environment, the option is there for me to select the environment from Stackify, and you can also select the particular application, and you'll see the information you need there. The filter feature alone and the fact that Stackify offers a lot of different filters is what I like the most about the solution because I've used other tools with the filter feature, but the filtering was very difficult, versus Stackify that has good filtering. On Stackify, you can filter the information by the last one hour, or the last four hours, and you can also select the date range and specify the timestamp, then the solution will give you the information based on the date range you specified. Another feature I found valuable on Stackify is its rating feature because it tells you how your application is faring. For example, a rating of A means excellent, while a rating of F means very bad, or that your application is not doing well at all. The ratings are from A to F. I also like that Stackify helps you in terms of load management because the solution gives you information on overutilized resources. These are the most valuable features of the solution."
"The deployment is very fast."
"The solution is stable and reliable."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"Technical support could be improved by a bit."
"We would like to see better instrumentation for debugging changes in the log flow."
"I would like to see a more user-friendly product."
"The AQL queries could be better."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
"Splunk does not provide any default threat intelligence like Microsoft Sentinel, but you can integrate any third-party threat intelligence with Splunk. By default, no threat intelligence suite is there, whereas, with IBM QRadar or Microsoft Sentinel, the default feature of threat intelligence is there. It is free. If Splunk can provide a default threat intelligence suite, it would be better."
"The solution could improve by giving more email details."
"I feel the solution to be too slow."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"The analytics of Splunk could be improved."
"While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"It should be easily scalable and configurable in different instances."
"I would like to be able to see metrics about individual running containers on the host machines."
"I've not used Stackify for a while, and I'm currently using a solution now that's not as good as Stackify. Among the solutions I've been using so far, Stackify has been one of the best for me, but there's always room for improvement. For example, I don't know if it's just me, but when I try to get the log from Stackify, sometimes it doesn't appear in real-time. It takes a few minutes before the logs appear. When I redeploy my solution and the application starts, I don't see the logs immediately, and it would take two to three minutes before I see the logs. I don't know if other customers have a similar experience. It's the wait time for the logs to appear that's a concern for me, could be improved, and is what the Stackify team should be looking into. In terms of any additional feature that I'd like added to the solution, I'm not sure if Stackify has a way to export logs out. I've been trying to do it. On the solution, you can click on a spiral-like icon and it shows you the entire error, and I'd prefer an export button that would let me download the error and save that into a text file, for example, so it'll be available on my local machine for me to reference it, especially because the log keeps going and as you're using the solution, the system keeps pushing messages on to Stackify, so if I'm looking at a particular error at 12:05 PM, for example, by the time I go back to my system and would like to revisit the error at 12:25 PM, on Stackify, the logs would have gone past that level and I won't see it again which makes it difficult. When you now go back to that timestamp, you don't tend to see it immediately, but if the solution had an export feature for me to save that particular error information on my local machine for reference at a later time, I won't have to go back to Stackify. I just go to that log, specifically to that particular export that I've received on my local machine. I can get it and review it, and it would be easier that way versus me going back to Stackify to find that particular error and request that particular information."
"The search feature could be improved."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.