IBM QRadar Review

It captures and processes large volumes of event data, and scales to support them in a unified database. But it'd be good to have a default configuration to meet PCI requirements.


Valuable Features:

It's very helpful in meeting compliance monitoring and reporting (PCI DSS, PA DSS, ISO, SOX) requirements.

Improvements to My Organization:

It captures and processes large volumes of event data, and scales to support hundreds of thousands of events in one unified database. 

It also offers high-availability and disaster-recovery options. 

There's very high quality in reporting suitable to almost all compliance requirements.

Room for Improvement:

We use it mostly for purchases and regulatory requirements of that process. It would be good, therefore, if there was a standard configuration by default that was offered or proposed during install or configuration to meet PCI requirements, e.g. log archive duration set by default to one year for each device added. 

The event information display might prioritize event ID, user, destination, source, and date/time as the first info gathered in the report.

Use of Solution:

We're only using the Log Manager.

Disclosure: I am a real user, and this review is based on my own experience and opinions.