We performed a comparison between IBM Security QRadar and Splunk Cloud Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It has basic out-of-the-box integrations with multiple log sources."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The UI-based analytics are excellent."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"We've found the technical support to be very good."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
"It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow."
"The monitoring and dashboards are great."
"The data management and instant search features are the most valuable ones for us, as they allow us to instantly retrieve information needed for reports and security compliance."
"This is a complete log reporting tool."
"The cloud is very fast."
"The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based."
"It has end-to-end visibility into our cloud-native environment, which is pretty important for us. About 80% of our infrastructure is on AWS."
"Splunk has sped up our response and reduced the time we spend manually monitoring any logs for ticketing tools or servers. It saves us around two hours daily."
"The most valuable feature of Splunk Cloud Platform is the alerting feature."
"The log search capabilities are very good."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Sentinel's reporting is complex and can be more user-friendly."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"I would like to see more integration in place after the security lock."
"Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
"There needs to be better integration with other applications."
"The implementation of the solution's technology needs to be simplified."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"Needs better visualization options beyond the time series charts and a few other options that they have."
"The only thing that is missing from Splunk Cloud is the command-line interface."
"Support could be improved."
"Although there is documentation available, it is really hard for me to find relevant topics on what it is that I'm searching for."
"The Splunk Cloud Platform dashboard could benefit from some improvements."
"The Splunk interface is on-premises, so we have limited access to Splunk Cloud. Splunk support is not so good on Splunk Cloud. The Splunk side of the Splunk Cloud should also be more customizable. Integrating Splunk UBA, Splunk Phantom, and Splunk Cloud is also a bit difficult."
"The search for bulk data needs to be improved. When we were looking for the flow, we had to search really hard. I wanted to request the Splunk team to add some features for better search because getting the flow of the bulk data was sometimes hard."
"Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved."
"Its stability and performance can be better. Very rarely does a day go by when we do not see an error in the console, such as a health check error. Because it is cloud-hosted, we do not have access to the backend to figure it out ourselves. We are reliant on their support to figure it out, and a couple of days later, the error comes back or it is a different error. It is a never-ending cycle of support tickets. Their support is also not great."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Splunk Cloud Platform is ranked 3rd in Data Visualization with 34 reviews. IBM Security QRadar is rated 8.0, while Splunk Cloud Platform is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, Check Point Security Management, AppInsights and Fortinet FortiAnalyzer. See our IBM Security QRadar vs. Splunk Cloud Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.