No more typing reviews! Try our Samantha, our new voice AI agent.

IBM Security QRadar vs LogRhythm UEBA [EOL] comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
112
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
IBM Security QRadar
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
218
Ranking in other categories
Log Management (6th), Security Information and Event Management (SIEM) (2nd), User Entity Behavior Analytics (UEBA) (3rd), Endpoint Detection and Response (EDR) (10th), Security Orchestration Automation and Response (SOAR) (5th), Managed Detection and Response (MDR) (7th), Extended Detection and Response (XDR) (10th)
LogRhythm UEBA [EOL]
Average Rating
7.2
Reviews Sentiment
6.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.
Venda E - PeerSpot reviewer
Cloud Option Engineer at a tech vendor with 10,001+ employees
Behavior analytics has improved insider threat detection and reduces false positives for our team
The best features LogRhythm UEBA [EOL] offers are its behavioral balancing, baselining, risk scoring, and correlation with SIEM events, and what stands out most is risk scoring, which gives clear visibility into which user behaviors are genuinely risky and helps our team to focus on the highest priority threats without drowning in noise. Risk scoring helps us to quickly identify which users' activity needs immediate attention by clearly ranking threats based on impact and likelihood; it changes our day-to-day operations by reducing time spent on low-risk alerts and allowing the team to prioritize investigations and response actions more effectively and consistently. LogRhythm UEBA [EOL] has positively impacted our organization by improving our ability to detect insider threats and compromised accounts earlier, resulting in better security visibility, reduced false positives, and faster investigations and response times, which helped the team operate more effectively with greater confidence. I observed a noticeable reduction in false positive alert volume, which shortened the investigation time per incident, improving the mean time to detect and respond, and helping identify high-risk user activities earlier, which prevented potential security incidents from escalating.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."
"My advice for others looking into using Cortex is that it is very easy to use and very useful for the customer environment, whether it's a public or private one."
"The product's initial setup phase is very easy."
"I've found the solution to be highly scalable for enterprises."
"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
"From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference."
"Cortex XDR by Palo Alto Networks is specifically designed to prevent zero-day attacks and is part of an ecosystem of Palo Alto, providing customers with a long-term vision to modify and redesign how security is applied in their company."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"QRadar is built around Red Hat Linux, which is highly robust."
"I suggest others to go with IBM Security QRadar because it is an IBM product and many companies and bank environments are using IBM Security QRadar because of its strong visibility and analysis capabilities."
"We were using a different solution, and we moved to QRadar; it has some more benefits than our previous solution, and we have totally transferred to QRadar now."
"It is really helpful to us from the compliance point of view."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"I definitely think that it's good at finding things automatically, versus trying to define it."
"The tool's most valuable feature is server threat hunting."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"Licensing is on a yearly basis, and it's not expensive compared to its competitors."
"The most valuable features are file activity monitoring and registry activity monitoring."
 

Cons

"One thing that was missing was the integration part. Currently, they don't have out-of-box integration with IBM QRadar, or if they have the integration, the integration doesn't work well."
"The encryption is not up to the mark."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."
"I need a solution which will send alerts in the event of any behavior."
"SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"IBM technical support is always terrible."
"AI is superb but need improvements."
"It needs more resilience and functionality."
"They keep on adding products based on a simple feature set that they can do real well, but they can't integrate them into the rest of the security economy."
"I would like to see some artificial intelligence and alternative solutions."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"LogRhythm UEBA [EOL] could be improved with more flexible tuning options and clearer model transparency to better understand why certain behaviors are flagged; enhanced integrations with additional data sources and more intuitive dashboards would also help improve usability and investigation efficiency."
"The UI could be improved a little bit."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"The solution is very expensive. There are also costs beyond the standard licensing fee."
"The only problem is that the agents consume too much memory and system resources; the memory and resource consumption is high."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
 

Pricing and Cost Advice

"Its pricing is kind of in line with its competitors and everybody else out there."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"I don't like that they have different types of licenses."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"It's about $55 per license on a yearly basis."
"Cortex XDR by Palo Alto Networks is an expensive solution."
"Licensing is very expensive, IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you."
"I would like for them to lower the price."
"I think that the price is fair, but we can always say that the price could be cheaper."
"Pricing (based on EPS) will be more accurate."
"It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying. They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't."
"A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing."
"The price of this solution is a little bit expensive, so if it were cheaper then it would help."
"It would be great if this product were cheaper."
"It is quite a budget-friendly product."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"The pricing is nice when compared to other products in the industry."
report
Use our free recommendation engine to learn which User Entity Behavior Analytics (UEBA) solutions are best for your needs.
900,644 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Computer Software Company
10%
Construction Company
8%
Manufacturing Company
8%
Retailer
10%
Construction Company
10%
Computer Software Company
10%
Financial Services Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise20
Large Enterprise52
By reviewers
Company SizeCount
Small Business92
Midsize Enterprise39
Large Enterprise107
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise4
Large Enterprise4
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
Pricing and the license of EPS were managed by the governance team. I was not responsible for managing those. I was s...
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solut...
What is your primary use case for LogRhythm UserXDR?
I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learnin...
What advice do you have for others considering LogRhythm UserXDR?
I would not necessarily recommend LogRhythm due to its complexity and lack of modularity. I would always recommend Sp...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
LogRhythm UserXDR, LogRhythm Enterprise UEBA
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Information Not Available
Find out what your peers are saying about Exabeam, One Identity, IBM and others in User Entity Behavior Analytics (UEBA). Updated: June 2026.
900,644 professionals have used our research since 2012.