Security Information and Event Management (SIEM) Reviews and Ratings

What is Security Information and Event Management (SIEM)?

SIEM is a configurable security system of record that aggregates and analyzes security event data from on-premises and cloud environments. SIEM supports response actions that mitigate issues causing harm to the organization, and it helps satisfy compliance and reporting requirements.

Products In Security Information and Event Management (SIEM) Category

"Proud to be a Splunker!"

During my 5 years of experience (so far) with Splunk, I had the privilege to be in classes with Splunk educators, and I also had the chance to interact with Splunk support as well as Splunk sales persons. All I can say is that I was always in good hands!

"LogRhythm SIEM review "

LogRhythm SIEM helps our company enrich data with contextual information using pre-identified threats and vulnerabilities. It helps us meet regulatory requirements and helps streamline audit processes. It has an amazing dashboard which shows actionable insights.

"Unveiling QRadar's Impact on Security Operations"

As a SOC admin at my organization, my overall experience with QRadar (7.5) has been positive. The platform offers robust threat detection capabilities and comprehensive log management, which are essential for our Security Ops. The user interface is intuitive and user-friendly, making it easier to navigate and configure. However, there are occasional parsing issues and DSM-related issues, but these can be overcome by customization. QRadar has significantly enhanced our ability to monitor and respond to security incidents effectively. Additionally, the support documentation provided is quite helpful in resolving any issues promptly. Overall, QRadar is a reliable and powerful tool for our security needs. QRadar, with its easy deployment of EC, EP and Console (also available as All-in-One), is widely used in organizations, including our company, which makes events and flows easy to fetch smoothly.

"Trellix Security Solution"

Trellix Security Manager is an easy-to-use security software that helps protect against viruses and threats in emails, applications, etc. It provides easy-to-read reports and can be used on both computers and smartphones.

"Enhanced Cyber Resilience with Splunk Enterprise Security"

Splunk Enterprise Security offers centralized log management for our security team and data associates by gathering and analyzing data from across our organization's IT resources and granting up-to-date visibility into all security events. Our experience with the platform has been monumental so far.

"I hope this point made something that day"

I like to work with Elastic Security as there are a lot of use cases, and it covers a lot of the challenges or issues anyone may have faced.

"Easy to use, powerful configuration and reporting possibilities "

After years of searching for a good SIEM and testing some of them, we found LogPoint to be a SIEM that fulfills our requirements.

"Glance review on Next Gen-SIEM Securonix"

Comprehensive security solution; has advanced threat detection; easy compliance and regulatory reporting; multi-functionality tool.

"Fast Log Search and Vulnerability Assessment with InsightIDR and InsightVM"

InsightIDR is an extremely versatile SIEM, offering multiple ways to deploy it with little to no downtime to your workflow. Deploying it into each workstation and adding new log sources is typically a breeze, and you are able to import logs from multiple sources such as S3 buckets. There is a very big degree of customization that you can do with your logging, and their automatic rule-builder is very useful when parsing unknown logs.

"SolarWinds Event Manager - can manage and reset our events based on given conditions"

SolarWinds Event Manager is the best for managing all the network events, such as device down, interface down, etc., and is being used as per our requirement of when we want to trigger the event.

"It's a very good tool but requires good management to avoid problems in the future."

I really enjoy working with Exabeam because they have been improving all their capabilities over time, making my work easier and faster every time. The visualization capabilities have been improved a lot and let us have a lot of important information in a single view. I also enjoy the customization capabilities it offers for everything, from making new parsers (or modifying existing ones) to creating new use cases by creating new models and rules for Advanced Analytics. We also save a lot of time because of the SOAR capabilities we have once we find something anomalous or interesting. Finally, the threat hunter module helps us find interesting things across the organization very quickly.

"Exploring ArcSight's Correlation Power after 15 Years"

SIEM Engineering for over 15 in ArcSight in different countries with different

"A game-changing security and monitoring platform. "

For me, Splunk Cloud is the most advanced and reliable tool; it is full-featured and has efficient customer support which is very proactive and responsive 24/7. It is used by the whole department, which has been very helpful in security information and event management. It offers real-time analysis, which is good for accurate insights that I use to make data-driven decisions. It also enables me to create easy-to-follow dashboards that I easily share with other users. It is also very fast and reliable to use, and the learning curve is not very steep. It also helps us by consolidating multiple data points and offers several features for creating dashboards and managing alert workflows. Overall, this has been a terrific tool for handling our security concerns and efficiency while managing our environments.

"ADAudit Plus is the perfect tool to Analyze risks in Active Directory "

ADAudit Plus has helped my organization manage and organize our access control systems by giving us deep insight into everything that goes on in our day-to-day processes.

"Graylog is the best syslog"

Among syslog servers, I think Graylog is the best one. The free version allows you to do anything you need to collect logs, create dashboards, do searches, download data and receive alerts. You can also use Graylog with Grafana for better graphical results.

Installing and configuring Graylog is easy, as there is a lot of documentation on the internet; you will need a Linux machine. Then you add users (e.g. readers or admins) and configure your inputs (generally Syslog UDP and Beats for Sidecar), and then indices and streams, to better direct your flow of logs. Remember to set the way the indices will rotate (e.g. number of logs or the index size) and the number. Be sure to have enough disk space. You can collect syslog from Windows and Linux machines, and from many devices (switches, firewalls, PBX...).

Speaking of Sidecars, you should create new collector configurations to better match the syslog data you need to collect. You will use Winlogbeat and Filebeat for Windows, and Filebeat for Linux. The Sidecars overview will show you the status of every machine (it should be running).

In the search section all the data you are collecting is shown; the search line uses Lucene syntax, and you can save and load the searches without the need to rewrite them every time, and refine the results. You can configure alerts if some conditions are met and receive them via email. If some system alerts happen, you will see a number next to the System/Overview section (e.g. the version is old, or there is not enough space to store data). In case of need there are many forums to look at for solutions and/or improvements. You can also add many free plugins. The paid version will offer more features such as the security plugin for better detection of any kind of threat or anomaly. I must say, it's a great product.

"Effective and Efficient Product for Security Solution"

FortiSIEM is one of the standard platforms that helps us collect the logs from all the platforms in our environment. We had no challenges while integrating our critical log sources, such as Windows, Linux, network devices, databases and so on. It is also an affordable solution for enterprises of all sizes, with implementation and monitoring support.

"Unified Security Management with capabilities for most security needs"

It is Unified Security Management Anywhere, providing many features: threat detection, incident response, compliance management, vulnerability assessment, asset discovery and file integrity monitoring.

"Decoding the Price Concerns of Sumo Logic"

The only issue I have ever had with Sumo Logic is price. We can eat up credits very fast. We see that they have a tier now that is unlimited that we might be interested in.

"An affordable, versatile, but slightly dated event log analysis tool."

Overall, the support for ELA is great. We've had a few issues arise over the time we've used the product, but support has always been able to resolve them. I think the program does exactly what is advertised and provides a great web portal to view logs.

"Excellent product that meets all needs "

Very flexible and powerful platform for detecting and responding to security incidents.

Frequently Asked Questions

What does a Security Information and Event Management (SIEM) tool do?

A SIEM tool is used by security and risk management leaders to support the needs of attack detection, investigation, response, and compliance solutions by:

  • Collecting security event logs and telemetry in real-time for threat detection and compliance use cases.

  • Analyzing telemetry in real-time and over time to detect attacks and other activities of interest.

  • Investigating incidents to determine their potential severity and impact on a business.

  • Producing reports on these activities.

  • Storing relevant events and logs.


What are the core functions of SIEM technologies?

SIEM technologies provide core SIM (Security Information Management) and SEM (Security Event Management) functions, along with a variety of advanced features and complementary solutions and capabilities. Some examples of core functions are:

  • Data aggregation: Collect security event logs and telemetry in real-time for threat detection and compliance use cases.

  • Real-time analysis of events for security monitoring, advanced analysis of user and entity behaviors, querying, and long-range analytics for historical analysis.

  • Support for incident investigation and management.

  • Reporting (for example, for compliance requirements).


How does SIEM technology work?

SIEM technology collects and analyzes event logs produced by networks, devices, systems, and applications. The primary data source has been time-series-based log data, but there are also advanced SIEM solutions that monitor logs in real time and use other types of data (e.g., Active Directory [AD], configuration management database [CMDB], vulnerability management data, HR information, and threat intelligence) to add context about users, IT assets, data, applications, threats, and vulnerabilities.


What are SIEM alternatives?

The cost of purchasing and deploying SIEM products has led organizations to explore other security analytics technologies and alternative approaches to detect and respond to attacks. These alternatives include:

  • Event collection and analytics platforms: Event collection and analytics products can serve both SIEM and non-security use cases, and they may also provide easier cost allocation methods. The full capabilities of a SIEM product may not be available, though.

  • Extended detection and response products: Extended detection and response platforms offer automated, hands-off capabilities within the products to organizations that are willing to commit to vendor-defined and vendor-managed threat detection and response solutions.

  • Managed detection and response services: Providers of managed detection and response services investigate, validate, and respond to security events, rather than escalating them to the customer.


What do Peer Insights reviewers recommend to implement SIEM solutions?

Peer Insights reviewers share their experiences with implementing SIEM solutions and highlight what advice they would give to other prospective customers. Below are some of the top recommendations:

  • Conduct a requirements analysis for a SIEM solution and obtain executive sponsorship.

  • Analyze use cases and licenses based on SIEM requirements and evaluate multiple vendors via exhaustive POCs.

  • Structure the organization’s data and create a SIEM architecture before integration.

  • Augment the implementation by soliciting vendor assistance, and dedicate internal teams to drive adoption.

  • Cultivate SIEM skills by investing in training sessions for end-users.