Top Rated Palo Alto Cortex XSIAM Alternatives
The QRadar EDR is one of my personal favorite EDR.
As SOC Analyst Im always receiving logs from QRadar EDR and many of our clients using it as their EDR. The main think I love in QRadar's EDR is the Dashboards, this provide a very user friendly dashboard as their home dashboard there we can see stats of all of our endpoints in less complicated way. also the behavioral tree is next level it helping us in incident response very well and it is easy to integrate to SIEM softwares. Review collected by and hosted on G2.com.
it require some programing knowledge to develop uses cases. Review collected by and hosted on G2.com.
Video Reviews
IR Response
473 out of 474 Total Reviews for Palo Alto Cortex XSIAM
Overall Review Sentiment for Palo Alto Cortex XSIAM
Log in to view review sentiment.
QRadarr provides Admin Friendly user interface which makes its configuration and deployment very easy. Its correlation engine and built-in rules in my opinion is best when compares to other SIEM Solutions Review collected by and hosted on G2.com.
Legal and Compliance 2- Pro-active threat monitoring and alerting capability to Prevent potential security breaches
3- Better reporting, log collection, analysis and retention Review collected by and hosted on G2.com.
The scalability of the platform allows seamless integration with different products, enabling efficient correlation of events from different log sources. Review collected by and hosted on G2.com.
Initial implementation and customisation can be challenging and require significant time and expertise to adapt the system to the specific needs of the organisation. Review collected by and hosted on G2.com.
One of Qradar's strenghts is certainly the intuitive user interface, which can help less experienced users move more easily within SIEM pages. One other good thing is the scalability and easy integration with most of the products on the market, which is critical for correlating events from different log source types. Review collected by and hosted on G2.com.
The main problem encountered in 5 years of product is the the technical support received from IBM in case of major problems. Working in cyber security, I believe that response times are a fundamental point, in a world where even a few minutes can make the difference Review collected by and hosted on G2.com.
- AQL language have the same syntax as SQL, making it easy and fast to create fine grained searches;
- AQL also makes it easy to create Dashboards, really helpful to our clients;
- Rule creation is easy enough to understand and implement;
- Integration with IBM X-Force is fundamental to our operation;
- New UI's visual builder makes it super easy to search for events and flows;
- Easy to setup multiple domains for everyday use in multiple environments;
- IBM's employees provide great support; Review collected by and hosted on G2.com.
- New UI (QRadar UI (v2.32.0)) have less features than the old one, we can't search for offenses as easily: we can't search for offenses that started in an specific date, only predefined timeranges (hour, 12h, 7d, 30d etc);
- Pulse only allows to edit a dashboard if you're the one who created it. All admins should be allowed to edit them;
- We can't create notes on an offense from the new UI, notes are really helpful;
- Report building is terrible, clumsy and slow, and not a lot of customization; Review collected by and hosted on G2.com.
The features like advanced threat detection, user friendly UI, scalability, AI powered automation etc. are good offerings from QRadar. And I like these features. Review collected by and hosted on G2.com.
I found some difficulties in the initial setup , customization limitation, delayed response time when load is high. If the organization size is small, then cost to acquire QRadar license can be high which makes it inaccesible. Review collected by and hosted on G2.com.
We use IBM Qradar to collect log for our customer, log have different server, computer , switch, firewall ecc and in this way we have one Siem that help us to collect and extend data retention of customer log, create different use case and generate offense for malicious activity Review collected by and hosted on G2.com.
the cost of this solution is more expensive compare with competitor Review collected by and hosted on G2.com.
Qradar is easy to handle tool. Qradar provides a good log or flow search experience. It is easy to handle the offenses as correlation works great and we are able to see any previous offense from the same attacker. Review collected by and hosted on G2.com.
There is only one thing which I dislike about Qradar is its dashboard experience. Qradar has very old fashioned dashboard. They added pulse for better dashboards but they discontinued it. Review collected by and hosted on G2.com.
Qradar acts as a one stop solution to manage, correlate and investigate all the network, application events. The product makes it easy to remediate threats while maintaining the bottom line. IBM Qradar offers a vast insights of all the activities happening across our network. The tool also enables to identify the abnormalities in the user behaviour analytics. The eas of implementation and integration with other platforms is a feather in one's cap for Qradar. Review collected by and hosted on G2.com.
As a ardent customer of IBM Qradar for past five years, there is nothing to dislike about the product. Review collected by and hosted on G2.com.
It helps into deep packet inspection to identify threat as well correlate the data for analysis and threat hunting. Review collected by and hosted on G2.com.
Cannot handle large data sets requires and ELK for data injections, memory intensive which increases the chances of instability, the latest version doesn't have a gpt kind of functions which helps adminstrator run simple query to get output as not every one can learn the query language Review collected by and hosted on G2.com.
