We performed a comparison between ArcSight Logger, IBM Security QRadar, and Sumo Logic Security based on real PeerSpot user reviews.
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"The technical support team is good...It is a scalable solution."
"It's a robust, mature product and you can do some really complex operations and analytics."
"The solution provides information about the risk factors."
"It's an efficient solution."
"What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
"It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
"Vulnerability data, network data and the like, are part of correlation and detection."
"Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
"It'll get you from point A to B."
"We've found the solution to be scalable."
"IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through."
"The solution is reliable."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"We can integrate threat intelligence solutions into the product."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"It helps a lot because we can troubleshoot issues pretty easily."
"We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues."
"We are able to diagnose problems before our customers."
"The initial setup was a little bit complex."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"The platform is quite expensive. They should reduce its cost."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"The solution should make it possible to integrate network analysis features."
"We find that the search and access functionality is quite slow."
"The console in older versions is not user-friendly."
"I would like to see the update process simplified."
"There are areas in IBM Security QRadar that could benefit from improvement. Its ability to customize knowledge for specific purposes could be enhanced. Also, it lacks clarity in presenting details. It is also difficult to see the reports."
"The Indian tech support is not helpful."
"Technical support is good, but not great."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"Search capability and indexing still lag behind competitors. We also need to see improved rule based access controls and rule/event tuning."
"The interface is very old. IBM should remake it into a more modern interface."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"Sumo Logic needs to make sure integrating solutions are seamless."
"The integration with multiple sources could be better."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."