We performed a comparison between IBM Security QRadar and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics - UEBA solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The threat hunting capabilities in general are great."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"I like the graphical interface. It's so good and easy."
"Vulnerability detection is the most valuable feature. It's the tool that finds the threats."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
"The timeline and machine learning features are great."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"Splunk is more user-friendly than some competing solutions we tried."
"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
"The solution appears to be stable, although we haven't used it heavily."
"The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."
"It's easily scalable."
"The most valuable features are the indexing and powerful search features."
"This is a good security product."
"The product is at the forefront of auto-remediation networking. It's great."
"IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"IBM is going through some problems with its resources currently making its support response time slow."
"The solution is clunky."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"I have also been working with other SIEM solutions, and I have observed that they have extensive Linux-based and Unix-based integrations. They have been able to support some of the Linux-based agents, which is useful to investigate and process the information on the Linux and Unix side."
"In the future I would like to see simplified statistics and analytical threats."
"The initial setup was complex because some of the configurations that we required needed customization."
"We'd like the ability to do custom searches."
"I would like improved downward integration with other tools such as McAfee and other GCP solutions."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
"The correlation engine should have persistent and definable rules."
"There are occasional bugs."
"It could be easier to scale the solution if you are using it on-premise, not in the cloud."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.
IBM Security QRadar is ranked 1st in User Entity Behavior Analytics - UEBA with 197 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics - UEBA with 17 reviews. IBM Security QRadar is rated 8.0, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Fortinet FortiAnalyzer, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, Varonis Datalert, Cynet and Exabeam Fusion SIEM. See our IBM Security QRadar vs. Splunk User Behavior Analytics report.
We monitor all User Entity Behavior Analytics - UEBA reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.