2017-03-30T06:20:00Z

What needs improvement with IBM QRadar?


Please share with the community what you think needs improvement with IBM QRadar.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
79 Answers

Top 5 Reseller

The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.

2021-10-04T15:20:38Z
Top 20 Real User

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified.

2021-09-24T02:06:16Z
Top 5 Leaderboard Real User

The only challenge with products like IBM is the EPS. You just have to be really on the events per second, as that's where the cost factor becomes a huge issue. You do need proper training. Better training leads to better implementation. South Africa does not have the most knowledgeable technical support team. One challenge that you have in South Africa is the quality of the IBM resources. They're not up to the level companies need. I have to criticize IBM on that point - the skill level in South Africa and the South African franchise of IBM doesn't necessarily meet the quality of the product. They can improve on the architecture. It's the way you deploy it. It's your enterprise architecture team that needs to understand it well. Again, due to our unique skillset on it, we deploy it in a very different way where we reduce the consumption of events per second, which reduces the overall cost of it. However, with the architecture, you need to get better guidance from IBM in terms of the way which the architecture is done. What I will say about IBM is that if you deploy it stock standard, it can be a very expensive tool, especially with your events per second, and where the way you deploy it architecturally will determine how much it costs you to manage it, as your events per second can be reduced through proper architecture. It's critical to an IBM install that a user understands the architecture and the deployment strategy.

2021-09-07T12:23:57Z
Top 10 Real User

In terms of the GUI, they need to improve the consistency. It has been written by different teams at different times. So, when you go around the interface, you'll find a lot of inconsistencies in terms of the way it works. I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that. Their support should also be improved. Their support is very slow, and it is very difficult to find knowledgeable people within IBM. Its price and licensing should be improved. It is overly expensive and overly complex in terms of licensing.

2021-08-06T10:41:11Z
Top 5 Real User

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach users and enable them to get familiar.

2021-07-17T03:01:11Z
Top 20 Real User

The technical support can be improved a little bit, and the price could be cheaper.

2021-07-15T07:35:31Z
Top 5 Leaderboard MSP

The implementation of the solution's technology needs to be simplified. It is overly complex. The integration also must be simplified. The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately. These are the different modules we need to buy. IBM does not provide a combined, combo suitor solution which the customer can easily look at. The multiple functionalities are segmented and do not allow for an idea which is complete. It makes it difficult for us to do a realistic comparison with other products. I hope that others follow suit.

2021-07-13T02:01:26Z
Top 20 Real User

As per Gartner, maybe the price makes it so that the customers are not going for IBM QRadar. It's a little bit pricey compared to other solutions in the market. More or less that's the area that needs to be improved. That's usually the main concern that we receive from the customers - that it's a little bit pricey. That's the only thing I can say. The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix. You need some advanced customers in order to use the custom rules or to use their rules in order to configure the IBM QRadar in a proper way. Usually, they find it very difficult, especially if they don't have the experience. Sometimes it works and catches whatever we want, however, sometimes it doesn't work. That's in rare cases, however, that's one thing that they need to maybe enhance.

2021-06-24T13:07:45Z
Top 20 Real User

In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features.

2021-06-08T18:53:00Z
Real User

The solution should enhance its capabilities of UEBA and AI/ML tech modeling.

2021-06-08T12:03:00Z
Real User

This solution is on-premise and many customers are moving to the cloud-based solution.

2021-06-04T12:28:39Z
Top 5 Leaderboard Real User

SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment.

2021-05-15T12:05:17Z
Top 5 Leaderboard MSP

IBM is going through some problems with its resources currently making its support response time slow.

2021-04-16T09:36:53Z
Top 5 Leaderboard Real User

Since we have not used the solution very long my information is limited when it comes to improvements. I have noticed the interface has room for improvement.

2021-03-05T20:13:36Z
Top 5 Leaderboard Real User

When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.

2021-03-05T17:23:52Z
Real User

There needs to be better integration with other applications.

2021-02-19T06:14:15Z
Top 20 Real User

The modularity could be improved.

2021-02-11T16:07:00Z
Top 20 Reseller

The performance of the solution could be improved. Right now, it's the weakest aspect. I wish it was better. Technical support could be improved by a bit.

2021-02-10T18:53:33Z
Real User

The support process needs to be improved. Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.

2021-01-26T21:23:14Z
Top 5 Leaderboard MSP

Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want. It's very limiting for many. You need that flexibility to deploy on any Intel platform. IBM doesn't have people in every corner of the world. Oracle, for example, is actively training and certifying people so that companies will have access to local connections. IBM is lacking this, and therefore it can be difficult to get qualified support when a customer needs it. They should try to replicate the Oracle approach to training and certifications.

2021-01-26T10:22:50Z
Top 5 Leaderboard Real User

They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required. A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.

2021-01-24T15:38:21Z
Top 20 Real User

The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved. Additionally, the coverage, the connectors, and the flex connectors for legacy systems and other aspects could be improved. This is something they can work on and improve.

2021-01-24T11:57:00Z
Top 20 Real User

There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection.

2021-01-14T14:07:47Z
Top 20 Real User

Some of the cloud apps need improvement. In the next release, I would like to see improving the stability of some of the add-on applications.

2021-01-12T16:38:34Z
Top 5 Leaderboard Real User

I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things.

2020-12-24T16:58:24Z
Top 20 Real User

I'm not sure if there are any features missing from the solution. It's pretty complete. The pricing of the solution is a bit high. If they could lower it, that would be ideal.

2020-12-19T07:31:11Z
Top 10 Real User

The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.

2020-12-17T01:08:54Z
Real User

In terms of where it could be improved, this includes its forensics, incident response, and security operation center features. Additionally, some also struggle with the rules. We need more features in order to create rules to detect or to meet some requirements for other areas, such as catching the event from other authentication tools, like in Okta, for example. In some cases, I have issues because some tools are not integrated in QRadar, such as other tools similar to DLP (Data Loss Prevention). We need to create all the integrations manually because they are not integrated in QRadar. We have a problem, for example, because they have Symantec DLP integrated in QRadar, however, it is not working because it's not detected automatically. It is not converting all the columns, but we do have the option to create manually. This is not difficult because it's very clear in the procedures.

2020-12-10T17:37:00Z
Top 5 Leaderboard Real User

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed. Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network. The GUI and reporting need to be improved. The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

2020-12-04T14:16:02Z
Real User

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

2020-11-30T14:46:28Z
Top 20 Real User

A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools.

2020-11-27T11:20:17Z
Real User

I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly. The solution is clunky. The interface could be much better. The integration capabilities within the product are not that great.

2020-11-25T19:59:57Z
Real User

We have had problems with networking.

2020-11-16T12:57:27Z
Top 20 Real User

One thing one has to be aware of is that QRadar doesn't have a standard UI style, but older (clunkier) and newer (more modern and easy to use) screens. The QRadar UI involves a lot of clicks and pop-ups to get where you want, which is certainly not the best UX, but isn't totally a pain either. Although it's a bit difficult to navigate through screens at first, the UX is pretty good once you learn the "QRadar way", which takes about a few weeks to master.

2020-11-13T11:30:59Z
Top 20 Reseller

The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.

2020-11-11T16:49:23Z
Top 5 Real User

I would still like to see a better GUI. Improvements have been made but there is still a way to go. There are petty annoyances like clicking out of a rule setup and instead of going back to search results in the rules, with the rule you selected still highlighted, you get the whole list without your search. Start again. In the new log source management app, if you have a large number of log sources, typing a name to filter them by is Java Hell; the high overhead of JIT compiled code means that even two-fingered, carpal-tunnel-afflicted users can outpace the type-ahead buffer, leaving random intermediate characters on the floor. Needless to say, that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey, for 5 or 6 figures in hardware and software, it ought to keep up with my typing. But to be fair, these kinds of things are dwarfed by its awesome ability to ingest and correlate tortured use cases of mind-boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.

2019-12-05T02:59:00Z
Real User

We would like to see better instrumentation for debugging changes in the log flow.

2019-07-31T02:22:00Z
Real User

There are reports that I would like to generate that are either not included, or I cannot find. If there is no report for information that needs to be presented then it is one of the biggest issues for the customer. The ticketing system is not fully automated and needs to be improved. There should be an easier permission level that basic users can use to create reports. The users include both end-customers and the technical team. The pricing needs to be such that they are more competitive with other vendors.

2019-06-16T07:23:00Z
Real User

The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on. Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement. In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.

2019-06-13T12:36:00Z
Real User

There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic. There is no need for so much manual configuration. For example, it should be able to automatically create at least some of the rules that are suitable for our environment. The solution has a good user interface, but it could be further developed. I have used other products that are more user-friendly. I would rate the user interface a six out of ten.

2019-06-13T12:36:00Z
Top 20 Real User

It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.

2019-06-06T08:18:00Z
Real User

The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.

2019-04-29T07:11:00Z
Real User

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

2019-04-29T07:11:00Z
Real User

With the transition to a modern IT operation center, I think that many of the devices are going to be mobile. Somebody may not be at the NOC (Network Operations Center), data center, or SOC (Security Operations Center). If anybody from the non-security team or the NOC team has to receive an active alert, it should be enabled in multiple channels. Ideally, we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration. We are working on these things internally, but I think that these are some of the things that you're expecting from this product.

2019-04-17T08:37:00Z
Real User

It needs more resilience and functionality.

2019-04-17T08:37:00Z
Consultant

I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.

2019-04-17T08:37:00Z
Top 20 Real User

The quoting and the dashboard session could be improved. It should be more user-friendly. Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting both would be good additions to the product.

2019-04-11T06:16:00Z
Reseller

It would be good if the program allowed certain profiles to only see certain customer information.

2019-03-31T09:41:00Z
Real User

The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.

2019-03-28T08:19:00Z
Real User

I would like for them to lower the price.

2019-03-28T08:19:00Z
Consultant

The user guide is not readily available. I would suggest the support or technical team release a PDF guide, like Splunk, SolarWinds, or ArcSight. This will be good for consultants or whoever is using QRadar. This would be really helpful. I have searched on a lot of sites, but I have not found a single PDF containing everything. Our consultants are taking too much time understanding the product's technical aspects. They could arrange a demo on their website so users who register may use WebEx or any type of meeting invitation, and the support team could give a demo. Having hands-on technology is important. We lost a few clients, because they asked us, "Do you have hands-on QRadar?" At that time, we said, "No, but we will cover it." Due to this, we didn't get the project. Clients want consultants who are certified in QRadar. Even after completing the certification as a QRadar deployment professional, I would suggest QRadar release any documentation or give an online demo, like videos on YouTube. It would increase publicity and public appeal.

2019-03-19T10:11:00Z
Top 5 Real User

The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved. The configuration steps are not easy to follow compared to NetWitness.

2019-03-10T16:43:00Z
Real User

If IBM provides me with a better service or better options than Palo Alto, I would remain with IBM. As for my knowledge, I recently evaluated Palo Alto that has better security features, especially for a client's email. Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them. If IBM could give us a complete package of on-cloud solutions, firewall, antivirus, and also mobile security, that would make it a lot better. Nowadays people are using mobile and tablets, rather than laptops or computers. We get updates from IBM directly but then the users have to update. There are challenges where sometimes if we update the client's system, it takes a lot of time to update.

2019-03-06T07:41:00Z
Real User

The first area for improvement is the cost. It's a little bit too expensive for us. Also, initially it was difficult to understand or to grasp, but once you get the hang of it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it. In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.

2019-03-06T07:40:00Z
Real User

They should introduce some automation into the product.

2019-02-27T08:57:00Z
Consultant

They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement.

2019-02-26T08:25:00Z
Reseller

I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client. IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.

2019-02-25T08:45:00Z
Real User

I don't think this is the best solution on the market because it takes much longer than ArcSight, for example, which provides more flexibility and capability to create much more complex use cases. Other tools provide more valuable things that you can do for the active channel. I would like for them to develop out of the box content that doesn't require too much customization. Most of the out of the box we get from it requires too much customization. I would also like to see dynamic filters and better cross-integration between functions.

2019-02-07T12:28:00Z
Reseller

I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution.

2019-02-03T08:35:00Z
Top 20 Real User

There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so you cannot get the maximum benefit of the product.

2018-11-15T07:11:00Z
Top 20 Real User

They have introduced a lot of different suites of products and functionalities, and that sometimes leads to confusion among the customers. There are a lot of options provided and then I need to decide, what is my requirement, and what is my desire. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.

2018-10-29T15:46:00Z
Real User

There are other solutions out there that have made it app based. They have a lot of apps available and they are readily integrated with other tools, as well.

2018-10-04T17:27:00Z
Leaderboard Consultant

It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. In addition, the management services team needs some improvement. They are, at times, confused with our requests.

2018-09-09T05:40:00Z
User

* Data encryption
* Flow encryption
* Third-party compliance
* Its architecture is very complicated.
* Its hardware is Lenovo-based.

2018-09-04T02:41:00Z
Vendor

* Slow response sometimes and a not-so-helpful staff there. So make the support better, and you could succeed even more.
* The released patch quality is poor. IBM should test those patches on their side, not on the client's side. So, there is a lot of improvement to do.
* I would appreciate if IBM could create another more intuitive, easier way (intuitive UI) to perform advanced searches rather than just counting on regular expressions.

2018-08-30T10:51:00Z
Reseller

The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.

2018-07-22T08:31:00Z
Real User

QRadar's issue is it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should an equation that is cursively applied. This will provide true behavior.

2018-06-30T07:18:00Z
Real User

The overall workload automation should be built into it. Part of the efficiency side of it is the ability to take the information as it comes in and assign it into a group. Now, the team leader no longer needs to assign it manually. He manages the workflow as it comes in directly to the individuals. Then, the individuals respond on it. As it closes, it goes back to the workflow, recording the amount of time it took for them to close it. It should show:

* How long did it take to get assigned?
* How long did it take for the person to open it?

Then, you can show that a person may have issues opening network problems.

2018-06-29T07:18:00Z
Reseller

The user interface needs improvement.

2018-06-28T07:18:00Z
Real User

Keep up with more apps. They need to continue working with other companies to develop apps for integrations. Yes, they currently have 192 apps, but that number is nowhere near the number of security products on the market. That means if your company has a product that is not in the application list then you just have to work a little harder to pull the data you need from the log source. I'm not against hard work, I'm just trying to work smarter and faster. Time is money, so saving time without compromising the end product is a win for everyone. It would reflect well for IBM because it would show they understand the customers’ needs and it would reflect well internally because we would be able to present cleaner dashboards and reports without hours or days devoted to building them.

2018-06-28T06:31:00Z
Real User

* User/identity modeling needs improvement. However, it seems that they are already focusing on that.
* Needs better visualization options beyond the time series charts and a few other options that they have.

2018-06-26T12:31:00Z
Real User

For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers.

2018-06-26T12:31:00Z
Real User

QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold.

2018-06-12T12:14:00Z
Consultant

The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS.

2018-06-12T12:14:00Z
Real User

QRadar log integration of various applications can be a tough job at times. There may be occasions when you will not find any QRadar guide on adding logs of a particular application. Even if you come across one, adding a log process is not an easy one. Plus, it is also vulnerable because the ports used to integrate those log sources with QRadar are well-known and most of them are vulnerable ones.

2018-06-11T10:36:00Z
Consultant

The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected, similar to a base rule of SIEM.

2018-06-11T06:45:00Z
Real User

The implementation and configuration are not easy. We would like to see user behavior analysis in the next release. IBM claims they have this feature, but I do not see it as mature as in Splunk.

2018-06-03T09:17:00Z
Reseller

I would like to see a more user-friendly product. I would like them to make it much more user-friendly. At this stage, you need to use a lot of widgets to do your searches. To advance searches, you must do a lot of Regex expressions.

2017-04-05T06:02:00Z
Top 20 Consultant

Artificial Intelligence is superb; QRadar correlates the events smartly and removes the same events, but needs improvements.

2017-03-30T06:20:00Z
Updated: November 2021.