[pas]

The simple fact, that IBM stuff is never used by big sites (fb, spotify, google, etc..) despite their solutions being available for ages should lead anyone to the conclusion that they are salesware.

QRadar is a glorified syslog server with a query interface (bought by IBM in 2011, formerly developed by Q1 Labs, est 2001), and ... again the fact that Splunk is available (started 2 years after Q1 Labs), that the ELK stack is even mentioned in SIEM circles, that OSSIM an open source alternative is seen as more usable all just point to the conclusion that QRadar too is just salesware :/

[ChuckNorris89]

> The simple fact, that IBM stuff is never used by big sites (fb, spotify, google, etc..) despite their solutions being available for ages should lead anyone to the conclusion that they are salesware.

They are used by big sites, governments are the biggest sites you can get.

[majkinetor]

Gov systems are orders of magnitude smaller then Facebook & friends.

[dta3456]

I don't think QRadar is Salesware, we use it in our SOC and it's not bad. It's serviceable at least.

[pas]

What does serviceable means for QRadar?

[klausjensen]

What's salesware?

[tmikaeld]

Sales people pitch it to executives, shows some fancy demo and then sign a contract that's "appealing" in cost and "savings".