We performed a comparison between Graylog, IBM Security QRadar, and Snare based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
"I like the correlation and the alerting."
"The ability to write custom alerts is key to information security and compliance."
"The solution's most valuable feature is its new interface."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"The product is scalable. The solution is stable."
"This has increased productivity for the dev and support teams, because we are directly notifying them."
"Improves visibility and has a great new dashboard."
"IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
"The threat hunting capabilities in general are great."
"It can analyze event logs, event security, and give a good consult."
"QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected."
"It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed in the same way."
"The most valuable feature of Snare is flexibility, or the ability to filter out all the things you don't want and that don't have security value."
"Snare has good agents, especially for Windows."
"The best thing about Snare is its format and consistency."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"There should be some user groups and an auto sign-in feature."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario."
"Over six months, I had two similar issues where searches were performed on the field "messages". It exhausted all the memory of the ES node, causing an ES crash and a Graylog halt."
"Graylog can improve the index rotation as it's quite a complex solution."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"The implementation and configuration are not easy."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"The solution has too many menus that require going to two or three sub-monitors to enter QRadar."
"IBM technical support is always terrible."
"It is not app based."
"I think that the search speed of this solution could be improved."
"There could be better integration with the solution."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."