Capabilities in your IBM QRadar product
IBM® QRadar® product documentation describes functionality, such as offenses, flows, assets, and historical correlation, that might not be available in all QRadar products. Depending on the product that you are using, some documented features might not be available in your deployment.
- IBM QRadar Log Manager
  QRadar Log Manager is a basic, high-performance, and scalable solution for collecting, analyzing, storing, and reporting on large volumes of network and security event logs.
- IBM QRadar SIEM
  QRadar SIEM is an advanced offering that includes the full range of security intelligence capabilities for on-premises deployments. It consolidates log source and network flow data from thousands of assets, devices, endpoints, and applications that are distributed throughout your network, and performs immediate normalization and correlation activities on the raw data to distinguish real threats from false positives.
- IBM QRadar on Cloud
  With QRadar on Cloud, IBM security professionals manage the infrastructure, while your security analysts perform the threat detection and management tasks. You can protect your network, and meet compliance monitoring and reporting requirements, with reduced total cost of ownership.
QRadar product capabilities
Review the following table to compare the capabilities in each QRadar product.
Capability | QRadar SIEM | IBM QRadar on Cloud | IBM QRadar Log Manager |
---|---|---|---|
Full administrative capabilities | Yes | No | Yes |
Supports hosted deployments | No | Yes | No |
Customizable dashboards | Yes | Yes | Yes |
Custom rules engine | Yes | Yes | Yes |
Manage network and security events | Yes | Yes | Yes |
Manage host and application logs | Yes | Yes | Yes |
Threshold-based alerts | Yes | Yes | Yes |
Compliance templates | Yes | Yes | Yes |
Data archiving | Yes | Yes | Yes |
IBM Security X-Force® Threat Intelligence IP reputation feed integration | Yes | Yes | Yes |
WinCollect stand-alone deployments | Yes | Yes | Yes |
WinCollect managed deployments | Yes | No | Yes |
Network activity monitoring | Yes | Yes | No |
Asset profiling | Yes | Yes | No ¹ |
Offenses management | Yes | Yes | No |
Network flow capture and analysis | Yes | Yes | No |
Historical correlation | Yes | Yes | No |
QRadar Network Insights integration | Yes | Yes | No |
QRadar Vulnerability Manager integration | Yes | Yes | Yes |
QRadar Risk Manager integration | Yes | No | No |
QRadar Incident Forensics integration | Yes | No | No |
Vulnerability assessment scanners | Yes | Yes | Yes |
¹ QRadar Log Manager tracks asset data only if QRadar Vulnerability Manager is installed.
Some documentation, such as the Administration Guide and the User Guide, is common across multiple products and might describe capabilities that are not available in your deployment. For example, IBM QRadar on Cloud users do not have full administrative capabilities as described in the IBM QRadar Administration Guide and do not have access to API endpoints that require the admin security profile.