Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.
N/A
IBM Security QRadar SIEM
Score 8.9 out of 10
N/A
IBM Security QRadar is security information and event management (SIEM) Software.
N/A
Pricing
Graylog
IBM Security QRadar SIEM
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Graylog
IBM Security QRadar SIEM
Free Trial
No
Yes
Free/Freemium Version
Yes
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Graylog
IBM Security QRadar SIEM
Considered Both Products
Graylog
Verified User
Anonymous
Chose Graylog
Azure Monitor is not exactly what I mean, but I couldn't find Azure Application Insights. Anyway, for a large organization, Azure makes more sense than using Graylog because a lot of logging will already be inside Azure. And you don't want to have two "central" logging …
We use the free edition, because it is free and open source. We evaluated numerous other products, but we decided to go down the Graylog track because of initial costs. While the competition (Splunk, AlienVault, etc.) are very good products and come highly recommended, it …
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog even better on that front than Alienvault USM because you cannot configure the variable mapping. We haven't used …
Graylog does what other similar products that cost more do, but the more expansive one typically has more features or are multiple products wrapped in one. We went with Graylog because it does everything we need it too, and the price was less than other and fit into our budget. …
We previously used Syslog(-ng) and considered moving to the Logstash with Kibana as part of the standard ELK stack as we are consumers of ELK in other scenarios, but we determined that maintaining a distributed Graylog system was going to require less work overtime for our main …
Graylog provides some great functionality for free. There are some more premium products that would handle more logs and would be a little easier to configure.
Due to its performance, it is a more practical way to analyze and respond to an incident. It is a graphic with good interaction and multiple integrated platforms.
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I …
We chose IBM Security QRadar SIEM not only because it was a leader but because it convinced us it was a solid product suitable for multiple scenarios but most importantly we needed a really secure and powerful software for our infrastructure.
IBM Security QRadar SIEM has been quite a revolutionary siem solution compared to its counterparts. Be it the use case building to maintaining log source integrations, Qradar has proved to be one of the most efficient and easy to use solution. Having IBM SOAR along with the …
It provides practicality by containing several domains in a single tenant and being able to subdivide them in a single place, in addition to the fact that the price is very competitive in the market.
The QRadar licensing process is based on EPS (Events Per Second) and there are no limitations on event collection, regardless of the origin of the logs. This becomes an advantage as the price is agreed between the parties before purchase, so you have knowledge of what you can …
ArcSight is more difficult to understand and administer, and it looks more like a box for programming and needs a lot of high-level skills personnel. IBM Security QRadar SIEM is well suited for organization cybersecurity in large and medium organizations. IBM Security QRadar …
IBM Security QRadar SIEM offers a wide range of features and capabilities, such as behavioral analysis, event correlation and incident management, making it a robust and effective choice.
QRadar's open architecture is easy to integrate with a wide range of security tools and third-party applications, which are available at the IBM X-force library to enhance overall flexibility. Its powerful analytics and correlation capabilities provide advanced threat detection …
I found that IBM Security QRadar SIEM has better threat detection methods and the identification of cyber kill chains followed by attackers. Analysis of the data gives visibility that other SIEM solutions need to improve. Integration in IBM Security QRadar SIEM is also better …
User friendly and use case management portal which helps to get brief idea about security posture based on mitre mapping is best thing i have experienced in qradar.
IBM Qradar takes the best from its competitors. Reliable and stable but sometimes very expensive, the SIEM from IBM offers a wide range of scenarios in which the customers can suite and size their own infrastructures. IBM Qradar doesn't really needs to stack up againt its …
As a part of core security service provider, we could not stand with the tools that are used as a generic data processor. The compliance, log reading and events are well managed in QRadar compared to other tools
If you already have a basic understanding of Elasticsearch and/or MongoDB, Graylog will be a great fit when it comes to log aggregation. It will be a decent option even if you don't have any experience but have the time and willingness to roll up your sleeves that learning those tools will require. Graylog supports plugins to extend functionality for things like SNMP traps, telemetry collection, and solar flares. As is the case with most software with plugins, if the core functionality for which you are looking (i.e. not logging) is based on a plugin, Graylog probably isn't for you. The majority of the plugins in the marketplace are developed by third-parties looking to solve their specific use case so bug fixes and new features are not a given.
QRadar is very well suited on environments where there are not multiple tenants or domains, we do have success on this kind of scenario. IBM Security QRadar SIEM is less appropriate for environments with multiple tenants, specially when each tenant represent a different End Costumer (such as for MSSP companies), those environments require a high amount of rules and building blocks replications, since each tenant will have its own "BB definitions", servers, rules exception, etc. Also, some information, such as EPS count or EPS dropped are generated by QRadar's own log sources, which takes place on default domain, therefore users associated with different domain can not have access to those logs, even when the information is related to other domain's environment. For example, even if Event Collector 1 is associated to Domain A, the log informing its dropped EPS is generated by System notification, log source that must be associated to Default domain.
Need to spend more time configuring the system to properly interpret and normalize different type of data collected from multiple resources.
While Rule creation QRadar uses that rules to detect security threats and generate alerts, but to creating and managing rules is bit complex & tedious work to complete.
IBM Security QRadar SIEM is excellent in handling large & complex systems that requires in-depth knowledge and extensive training to configure and maintain the system which includes upgrading, optimization of performance & issue troubleshooting.
With the arrival of IBM Security QRadar SIEM at our company, we have a better vision of all the security needs that may arise, it is a very safe software to use that prevents threats from damaging our IT environment, it is impossible to change it for another software.
As a grade I give 8 as QRadar is not easy to learn. It requires some time to master it. It also needs a team of people actively working on the product. Once you learn to use it the software works very well and it is easy to correlate and understand detected threats. It only takes time to learn how to use it well and configure it properly.
I am still unhappy with the pricing model for the enterprise. Graylog competes against the likes of IBM and Splunk, but your still the new kid on the block. To price Graylog enterprise at 50k for 20GB ingest an unrealistic data. It would require multiple facets of Graylog to be stood up and only forward pruned logs to the paid version.
Customer support is Good of IBM, While Using IBM QRadar its deployment is to slow and suddenly stop working and crashed we have contacted IBM Support and Rised a Ticket within a few minute we get call back from customer support and Query Resolved by them Fast And Rapid Support of Ibm
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
The training was very useful and the people who taught us were very knowledgeable. Although the software may initially seem difficult to learn they made things much easier for us.
Initial patience is required to learn how to use the product, and it takes a dedicated team to use it. One person is not enough, and it's not enough to just set it up and check it once in a while. It has to be used daily and kept under control to be used effectively
Azure Monitor is not exactly what I mean, but I couldn't find Azure Application Insights. Anyway, for a large organization, Azure makes more sense than using Graylog because a lot of logging will already be inside Azure. And you don't want to have two "central" logging locations. But Azure is chaos and highly "not intuitive." So for small and mid-size organizations, Graylog is still the better option.
I would always recommend Splunk over IBM Security QRadar SIEM unless you're trying to save money or only onboarding and normalizing well known data sources. IBM Security QRadar SIEM doesn't seem to handle RBA and complicated, chaining correlation rules very effectively and if I had to write a custom add-on for custom data, I found it easier to do so in Splunk.