We performed a comparison between IBM Security QRadar and IBM X-Force Exchange based on real PeerSpot user reviews.
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The analytic rule is the most valuable feature."
"The connectivity and analytics are great."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"No doubt about it, the solution is extremely stable."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"It is very stable. We have not faced interruptions in the past four and a half years."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The most valuable aspect of the solution is the integration capabilities on offer."
"It allows us to search data both on-premises and on the cloud."
"The simplicity of the solution is the best feature."
"It showed us where weaknesses were in our environment, so we could actively target those patches first."
"This product has helped to increase staff productivity."
"The most valuable feature is you have the expertise of human experience directly involved. There is a team of experts."
"It's quite integratable so you can actually integrate and get IP malware and URL information. It also gives you some form of intelligence into what you're trying to investigate or what you're trying to understand."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The product can be improved by reducing the cost to use AI machine learning."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The solution could improve the playbooks."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"IBM needs to invest more into the collaboration with other vendors."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"Needs better visualization options beyond the time series charts and a few other options that they have."
"The AQL queries could be better."
"The AI engine could be smarter."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"We would like to have more AI capabilities to detect threats and improve its productivity from a cybersecurity standpoint."
"You have to look for the new information from X-Force. X-Force will provide it but you have to look for it. We need clearer visibility."
"I would like to see better integration with other systems, solutions, and vendors."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while IBM X-Force Exchange is ranked 7th in Threat Intelligence Platforms with 3 reviews. IBM Security QRadar is rated 8.0, while IBM X-Force Exchange is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of IBM X-Force Exchange writes "Speed threat assessment, security investigations leveraging on real time actionable threat intel integrated to your Security Intelligence Platform". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas IBM X-Force Exchange is most compared with VirusTotal, ThreatConnect Threat Intelligence Platform (TIP), Recorded Future, Anomali ThreatStream and Mandiant Advantage.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.