We performed a comparison between Elastic Beats, IBM Security QRadar, and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."There's a whole spectrum of features on the solution that users can take advantage of. It's a very robust product."
"The security aspects in general have been very useful to use."
"QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
"We can easily monitor many things using this tool."
"The rule engine is very easy to use — very flexible."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"There are other third-party plugins that we can use."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
"Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered."
"No doubt about it, the solution is extremely stable."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"Provides visibility into the network."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"NextGen SIEM's most valuable feature is its user-friendliness."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources."
"The dashboard is not user-friendly. The solution, in general, isn't great from a user's perspective."
"At some level, the documentation, the information as far as the components, it's sometimes a little difficult to find the information necessary to implement aspects."
"Pricing model could be more cost-effective."
"I need a solution which will send alerts in the event of any behavior."
"There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area."
"I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
"The solution can be improved by lowering the cost and bettering their technical support."
"IBM technical support is always terrible."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"I would probably look for more things to go into the web console that is currently on the fat client."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"Right now there is the concern about being able to gather all of the data into the system."
"In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."
"The customer support system is time-consuming."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"The software needs to work on its pricing."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
Earn 20 points