We performed a comparison between IBM Security QRadar and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It has basic out-of-the-box integrations with multiple log sources."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The automation feature is valuable."
"The main benefit is the ease of integration."
"Free ingestion for Azure logs (with E5 licence)"
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The interface is good."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"It is a very good SIEM."
"The best part of this solution is having a third-party SOC."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"It protects us from multiple authentication values, unauthorized access and antivirus threats."
"It's user-friendly when compared to other products."
"The scalability is awesome, because QRadar includes other solutions in the same console."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"It makes everything easier by automating some tasks and growing with our needs."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature of Sentinel is the dashboard."
"The troubleshooting has room for improvement."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"I would like to see more AI used in processes."
"The solution should allow for a streamlined CI/CD procedure."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"We are invoiced according to the amount of data generated within each log."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The user interface is a bit difficult to get used to."
"The solution can be improved by lowering the cost and bettering their technical support."
"I would like to see some artificial intelligence and alternative solutions."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"This solution is on-premise and many customers are moving to the cloud-based solution."
"Technical support really needs to be improved. Right now, they aren't where they need to be at all."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"I would like to see a better reporting work structure on the dashboard."
"It is an ancient product."
"The solution does not allow outsourced authorizations."
"I rate Sentinel a six out of ten for scalability."
"Log source integration with Sentinel needs to be improved."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"There is no integration in the web-side of the tool."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 16 reviews. IBM Security QRadar is rated 8.0, while Sentinel is rated 7.6. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Fortinet FortiSIEM, whereas Sentinel is most compared with Splunk Enterprise Security, Google Chronicle Suite, Wazuh, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM).
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.