We performed a comparison between IBM Security QRadar and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The Log analytics are useful."
"The initial setup is very simple and straightforward."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"We find predictive analysis capabilities valuable."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"It is a very optimized engine."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"The solution allows you to configure and customize how you want to collect information from servers or other systems."
"The solution is stable."
"Zabbix is good for discovery."
"The most valuable feature is service assurance."
"The features I found most valuable are the user interface and a wide range of network devices that are easy to configure."
"The most valuable feature is monitoring."
"The pricing of the product is reasonable."
"In terms of customization and integration, we have more flexibility. We can automate configurations, define deletion rules, and customize based on the needs. The client interface allows for further configuration, making it quite comprehensive."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The only thing is sometimes you can have a false positive."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"The initial setup was complex, and it took six months."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"I have noticed the interface has room for improvement."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"For us, the initial setup was complex."
"The server monitoring could be better."
"The event correlation could be better."
"The documentation gets a bit messy between versions and is not too detailed, which is a bit painful for first-timers, especially when they run into issues."
"It could be more stable."
"The user interface could be a bit better. They could update it a bit."
"The documentation could be improved."
"There is a bit of a learning curve during installation."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Zabbix is ranked 1st in Network Monitoring Software with 98 reviews. IBM Security QRadar is rated 8.0, while Zabbix is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios XI and Nagios Core.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.