We performed a comparison between IBM Security QRadar and Zabbix based on real PeerSpot user reviews.
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The features that stand out are the detection engine and its integration with multiple data sources."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The pricing of the product is excellent."
"The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
"It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives."
"When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
"In addition to using this solution for our security operations center, we are using it for our other customers."
"It'll get you from point A to B."
"The solution is reliable."
"The scalability is awesome, because QRadar includes other solutions in the same console."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"Like other common Linux distributions, some of the most valuable features of this solution are the ease of use and deployment. It's simple and has a lot of packages and a lot of software."
"Zabbix can use old data to current data to set the threshold. We can use previous data to set the threshold."
"The most valuable feature is that it provides network segregation for server monitoring."
"The pricing of the product is reasonable."
"The most valuable feature is the alert and alarm monitoring."
"The most valuable feature is the protocol to manage anything."
"Simple network monitoring that is easy to install and manage."
"The template system in Zabbix is very beneficial as it saves time in configuration."
"There is room for improvement in entity behavior and the integration site."
"The solution should allow for a streamlined CI/CD procedure."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want."
"From a functionality point of view there are issues sometimes."
"In a future release, the solution could provide malware analysis."
"It needs more resilience and functionality."
"We would like to see better instrumentation for debugging changes in the log flow."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good."
"Search capability and indexing still lag behind competitors. We also need to see improved rule-based access controls and rule/event tuning."
"Even though it’s such a powerful monitoring system, it would be more helpful if it had a flexible UI."
"It could be more stable."
"There is not much documentation, and there are not many manuals. We found the tutorials very easy to understand, but they do not go deep enough into the use of Zabbix. We need more manuals, guidance on proper use, documentation, etc."
"Zabbix is powerful, but it is difficult to understand initially. There are many things that can be improved, but we might not be using Zabbix to its fullest extent. The software has more features than we need."
"There are areas of improvement. The database grows really fast. So, when you install Zabbix, you have to deal with some issues, like the database. We become pretty big very fast."
"I am having difficulties connecting it to Grafana, as well as some of the other plugins like Kibana."
"An area for improvement would be the ease of doing aggregation from the value or different devices."
"There are some features of Zabbix that are not good for reporting. The DX Spectrum solution has better reporting."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. IBM Security QRadar is rated 8.0, while Zabbix is rated 8.2. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.