We performed a comparison between IBM Security QRadar and ManageEngine Log360 based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The connectivity and analytics are great."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The initial setup is very simple and straightforward."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because there is a lot of social information to correlate with other data."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"The best part of this solution is having a third-party SOC."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"I have found IBM QRadar to be scalable."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"We've found the technical support to be very good."
"It is nice to be able to monitor and to have notifications."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"The most valuable features for us are the application logs monitoring and the dashboard, which provides a single-pane view of all the ongoing activities."
"The product is very user-friendly."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"The Sharecon feature is the most valuable."
"You can have all of the logs from servers to network and it gets sent out to the correct owners. This is very helpful."
"We haven't had any stability issues."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"One key area that can be improved is by building a strong integration with our XDR platform."
"We are invoiced according to the amount of data generated within each log."
"Sentinel's reporting is complex and can be more user-friendly."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"AI is superb but need improvements."
"We have had problems with networking."
"Technical support really needs to be improved. Right now, they aren't where they need to be at all."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"The solution is clunky."
"The dashboards are all legacy and old."
"IBM is going through some problems with its resources currently making its support response time slow."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"The matter of the data retention needs to be addressed."
"On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostical purposes. However, both being encrypted would be very valuable for some audits."
"It is not expensive compared to other solutions."
"It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system."
"Most times log sheets are not assigned well."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
"Their technical support should be improved."
"It takes a little bit of time for Log360 to actually learn your environment."
IBM Security QRadar is ranked 6th in Log Management with 198 reviews while ManageEngine Log360 is ranked 27th in Log Management with 15 reviews. IBM Security QRadar is rated 8.0, while ManageEngine Log360 is rated 7.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Splunk Enterprise Security, Fortinet FortiSIEM and Fortinet FortiAnalyzer. See our IBM Security QRadar vs. ManageEngine Log360 report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best User Entity Behavior Analytics (UEBA) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.