We performed a comparison between Graylog, IBM Security QRadar, and NNT Log Tracker Enterprise based on real PeerSpot user reviews.
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"I like the correlation and the alerting."
"Real-time UDP/GELF logging and full text-based searching."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"It protects us from multiple authentication values, unauthorized access and antivirus threats."
"Senses, tracks, and links significant incidents and threats."
"Customer service is very good and very helpful."
"The solution can scale."
"The scalability is awesome, because QRadar includes other solutions in the same console."
"The best part of this solution is having a third-party SOC."
"Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
"The most valuable feature is the predefined reports for PCI compliance."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"File integrity monitoring is a very important function."
"This is a very easy-to-use interface with a quick ramp-up time."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"More customization is always useful."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Lacks sufficient documentation."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"There should be some user groups and an auto sign-in feature."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"Pricing model could be more cost-effective."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"I would like for Yara to be supported by all components."
"The dashboard and reports are not user-friendly or efficient so are of little help with threat hunting activity."
"In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."
"IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."
"The correlation suite needs to be improved."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"It is able to identify the vulnerability; however, they need an option to auto-mitigate."