Try our new research platform with insights from 80,000+ expert users

ArcSight Logger vs IBM Security QRadar comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management
31st
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
31
Ranking in other categories
No ranking in other categories
IBM Security QRadar
Ranking in Log Management
6th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
208
Ranking in other categories
Security Information and Event Management (SIEM) (4th), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (4th), Managed Detection and Response (MDR) (9th), Extended Detection and Response (XDR) (11th)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of ArcSight Logger is 0.8%, down from 1.2% compared to the previous year. The mindshare of IBM Security QRadar is 3.8%, down from 5.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Geraldo Freitas - PeerSpot reviewer
Enhances our security incident investigation but not good for correlation
Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.
Md. Shahriar Hussain - PeerSpot reviewer
Real-time incident detection and user-friendly dashboard benefit daily operations
There are many types of AI, and this AI is very limited in SQL and features. There may be potential for improvement. So far, it seems very limited. It shows some good features in the correlation part, but I think there is room for improvement. For instance, when creating rules, it can suggest more rules, reducing the effort needed. If AI-related support can suggest rules and integrate with existing security devices like MD, IPS, this SIM can create more relevant rules. Sometimes logs I receive don't mean anything, and I need technical stakeholders to share or forward logs, but these are sometimes inadequate. Keywords can help identify insufficient logs. I often lack time to verify logs. Sharing false positive results could be reduced to help my team.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"We haven't had any crashes or bugs. It is stable."
"It provides in-depth information on business activities once we log into the system."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"It is one of the best products available in the market."
"The technical support team is good...It is a scalable solution."
"One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like Scout, Carbon Black, and the rest."
"It is a very good SIEM."
"The solution is flexible and easy to use."
"We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."
"The stability is good."
"It is really helpful to us from the compliance point of view."
"Integration is very easy and the reporting is good."
"Stability-wise, I rate the solution a ten out of ten."
 

Cons

"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"It would be better if the product is cheaper."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"The solution should make it possible to integrate network analysis features."
"I would like to see better scheduling in the next release of this solution."
"The console in older versions is not user-friendly."
"The product's connectors should work better and the user manuals need an update."
"We sometimes experience downtime, but it depends on the version. There is some variability."
"Technical support really needs to be improved. Right now, they aren't where they need to be at all."
"IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that."
"IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms."
"The features that could be improved include the licensing model and the dashboards and all those presentations. Overall, the user experience part can be improved."
"Communication between the silos sometimes becomes an issue, making it an area where improvements are required."
"The reporting system could use some upgrading."
"IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others."
 

Pricing and Cost Advice

"We have a lifetime license, so we don't pay a monthly fee."
"ArcSight is an expensive solution."
"It's not cheap at all as it's a big product and has been in the market for quite some time now."
"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."
"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."
"The pricing is quite harsh."
"I would rate the product a seven out of ten since it's an enterprise product."
"We use QRadar as a managed service and we pay licensing fees to the partner."
"It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying. They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't."
"Only enterprise businesses can afford the tool."
"The product is expensive. We have purchased the perpetual license, but we pay for the support."
"think the pricing is quite flexible."
"Most of the time, it is easier and cheaper to buy a new product or the QRadar box."
"found other solutions, with more features at the same cost or less. You don’t have to leave the Gartner Magic Quadrant to beat their price."
"The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Comparison Review

VS
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
17%
Government
9%
Educational Organization
6%
Educational Organization
24%
Computer Software Company
14%
Financial Services Firm
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ArcSight Logger?
We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.
What is your experience regarding pricing and costs for ArcSight Logger?
The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.
What needs improvement with ArcSight Logger?
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is your experience regarding pricing and costs for IBM Security QRadar?
The cost depends. The price I negotiated varies by region and relationship with the OEM. Cost is not shared due to another procurement team handling negotiations, but it was reasonable as far as I ...
 

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about ArcSight Logger vs. IBM Security QRadar and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.