We performed a comparison between IBM Security QRadar and Zabbix based on real PeerSpot user reviews.
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The UI-based analytics are excellent."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The main benefit is the ease of integration."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"It has improved my efficiency."
"Overall a great solution."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
"There are a lot of great out-of-the-box features included."
"It meets my organizational needs. It's pretty easy to use."
"The initial setup, while not simple, is easier than other products."
"I have found that the reporting feature in Zabbix is most valuable. Additionally, the solution has given us bandwidth options, we are able to see where problems are. For example, we noticed a problem that occurred because of a bad interface going in the wireless VLAN."
"The most valuable features of Zabbix are flexibility and a single interface for different types of monitoring."
"It has improved our server performance monitoring overall. We know right away when there are problems. It has built-in statistics, so we can go back and see if there's spiking. We can check what's happening every day around the same time and check the configuration to see if there's something that's running and needs to be fixed."
"We use Zabbix to monitor our organization's IT infrastructure and workstations. We don't use Microsoft Intune since it's expensive. The tool's real-time alerting system has proved crucial for us, particularly when a new device joins a network that is not one of our own devices. It notifies us about the presence of this new device, allowing us to investigate further. Additionally, it alerts us about disk usage, memory usage, and the software installed on the machine."
"The most valuable feature is network traffic monitoring."
"The overall functionality of Zabbix is very good. The monitoring of bank applications that Zabbix provides is great. The information is displayed on a dashboard that is easily viewed."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The solution could improve the playbooks."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"I would like to be able to monitor applications outside of the Azure Cloud."
"We'd like to see more connectors."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The threat detection needs improvement; they have many false positives."
"I think that the search speed of this solution could be improved."
"The solution is clunky."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"We would like to see better instrumentation for debugging changes in the log flow."
"This solution is on-premise and many customers are moving to the cloud-based solution."
"To improve Zabbix, adding more features to support the monitoring of modern workloads like containers would be beneficial."
"I am having difficulties connecting it to Grafana, as well as some of the other plugins like Kibana."
"Outside of the normal standard monitoring, I would like to extend patching, importing patching, and supporting patching for Windows Servers."
"I would like to remotely connect to the computer, and Zabbix doesn't have this capability."
"The product could be more secure and more stable."
"Implementation is always tailored to the customer and the kind of information we need from the client to carry it out can make them very uncomfortable. Sometimes the clients are not ready to share it."
"The event correlation could be better."
"An area for improvement would be the ease of doing aggregation from the value or different devices."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. IBM Security QRadar is rated 8.0, while Zabbix is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.