We performed a comparison between IBM Security QRadar and ManageEngine EventLog Analyzer based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The Log analytics are useful."
"Log aggregation and data connectors are the most valuable features."
"The product can integrate with any device."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"It allows us to search data both on-premises and on the cloud."
"The tool helps with infrastructure, application, and network monitoring."
"No doubt about it, the solution is extremely stable."
"Senses, tracks, and links significant incidents and threats."
"The best part of this solution is having a third-party SOC."
"Overall a great solution."
"The solution can scale."
"It showed us where weaknesses were in our environment, so we could actively target those patches first."
"The tool's reports show activities."
"The initial setup is straightforward"
"The most valuable features of ManageEngine EventLog Analyzer are the number of capabilities, file integration monitoring, web server log collection, and alert configuration."
"I have made use of technical support and am certainly very satisfied with them."
"It's one of the easiest products. It's very simple to use."
"The user interface is very good."
"It is stable."
"ManageEngine EventLog Analyzer is easy to gather reports to give to management. My supervisor has access to the solution and he enjoys the graphs."
"The only thing is sometimes you can have a false positive."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"I would like for Yara to be supported by all components."
"There should be easier and wider integration opportunities. There should be more opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area."
"It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
"I need a solution which will send alerts in the event of any behavior."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"The advanced planning management (APM) features should be included."
"The customization of reports could be a lot easier. It is not difficult but it could be made easier."
"There isn't good security integration when it comes to cybersecurity. The correlation of logs isn't so simple."
"The first tier of customer service and support is not great."
"The scalability is limited."
"There's a lot to improve in terms of connectivity. Currently, we're utilizing it across various infrastructures and environments, including others' cloud. However, connecting it to our infrastructure and integrating it with some of our SMAX solutions poses difficulties."
"The solution is stable. However, there are limits. For example, we can do 2,500 Syslog events per second, but if we want to do more we have to install the distributor structure, and then we can expand how many events we can do. They could improve the stability."
"It may not be as easy to use as Splunk."
"What I'd like to see as an improvement to ManageEngine EventLog Analyzer is for it to be more AI-driven. Having more automation would also make the solution better."
More ManageEngine EventLog Analyzer Pricing and Cost Advice →
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while ManageEngine EventLog Analyzer is ranked 21st in Log Management with 11 reviews. IBM Security QRadar is rated 8.0, while ManageEngine EventLog Analyzer is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of ManageEngine EventLog Analyzer writes "Modular software that seamlessly integrates with other applications and provides good technical support". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas ManageEngine EventLog Analyzer is most compared with ManageEngine Log360, Fortinet FortiAnalyzer, Wazuh, SolarWinds Kiwi Syslog Server and SolarWinds Log Analyzer. See our IBM Security QRadar vs. ManageEngine EventLog Analyzer report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.