Security Information and Event Management (SIEM) Reviews and Ratings

What is Security Information and Event Management (SIEM)?

SIEM is a configurable security system of record that aggregates and analyzes security event data from on-premises and cloud environments. SIEM assists with response actions to mitigate issues that cause harm to the organization, and with satisfying compliance and reporting requirements. A security information and event management (SIEM) system must assist with:

  • Aggregating and normalizing data from various IT and operational technology (OT) environments

  • Identifying and investigating security events of interest

  • Supporting manual and automated response actions

  • Maintaining and reporting on current and historical security events

Products In Security Information and Event Management (SIEM) Category

"SIEM Product Breakthrough: Unparalleled Scalability and Performance"

This is one of the best products on the market. Our overall experience is truly amazing. This SIEM product has all the best of what log aggregators can do. Scalability is at the highest level, and search head performance is one of the fastest. Splunk supports a huge number of applications which one can configure with the universal forwarders and deploy on the servers. It is really hard to find anything on the market similar to this platform with that amount of professionalism visible in each aspect of that SIEM system.

"LogRhythm SIEM review "

LogRhythm SIEM helps our company enrich data with contextual information using pre-identified threats and vulnerabilities. It helps us meet regulatory requirements and helps streamline audit processes. It has an amazing dashboard which shows actionable insights.

"Unveiling QRadar's Impact on Security Operations"

As a SOC admin at my organization, my overall experience with QRadar (7.5) has been positive. The platform offers robust threat detection capabilities and comprehensive log management, which are essential for our Security Ops. The user interface is intuitive and user-friendly, making it easier to navigate and configure. However, there are occasional parsing issues and DSM-related issues, but they can be overcome by customization. QRadar significantly enhanced our ability to monitor and respond to security incidents effectively. Additionally, the support documentation provided is quite helpful in resolving any issues promptly. Overall, QRadar is a reliable and powerful tool for our security needs. QRadar and its easy deployment of EC, EP and Console (also available as an All-in-One) is widely used in organizations, including our company, which makes the events and flows easy and smooth to fetch.

"Splunk: The Market Leader Shaping the Landscape of SIEM Segment"

Splunk is one of the market leaders in the SIEM segment for a reason. Its log ingestion, parsing and analysis capabilities are truly exceptional. It has a great user-friendly dashboard which helps you in correlating and analyzing different kinds of logs from multiple different tools. The implementation is also simple. The alerting mechanism is impressive too. Overall the features, services, ease of operation and advancement of Splunk make it a top choice for customers in cyber security and other domains as well.

"Trellix Security Solution"

Trellix Security Manager is an easy-to-use security software that helps protect against viruses and threats in emails, applications, etc. It provides easy-to-read reports and can be used on both computers and smartphones.

"Complex Use-Cases Made Easy With High Functionality Product"

Very happy with our overall experience. The onboarding team tried to tailor the process around our needs, the support team has been generally very responsive to our requests, and the product itself has a lot of functionality out of the box, while giving us the capabilities to create very specific and complex use-cases for our organization.

"Taming Complexities of Log Ingestion with Elastic (ELK Stack)"

When we first started looking for a product to help with log ingestion, Elastic (ELK Stack) was the only vendor that provided the features we were looking for at a reasonable cost. Ever since then it has been a wonderful experience dealing with the company and the product.

"Easy to use, powerful configuration and reporting possibilities"

After years of searching for a good SIEM and testing some of them, we found LogPoint to be a SIEM that fulfils our requirements.

"Rapid7: Next-Gen Powerhouse Adapting to New Security Attacks with Sophisticated Measures"

The overall experience with Rapid7 is exceptional. The support and engineering teams work efficiently to resolve problems/issues in a timely manner should any arise. The integrations to ingest data from other solutions natively are simple, and Rapid7 also supports ingestion of raw data if the integrations exist. Rapid7 also accepts ideas from its customers, and if accepted they plan a roadmap to develop the feature within the product.

"SolarWinds Security Event Manager: An Affordable, Easy-to-Use Solution"

The overall experience with the product is great. SolarWinds Security Event Manager is a ready-to-use and affordable solution. Its ease of use and simple interface showing the important information make it more useful for the day-to-day job.

"Unpacking the Integrated Capabilities of FortiSIEM for Efficient Incident Reporting..."

Outstanding product with lots of integrated features to make threat hunting simpler and more exciting for an analyst. FortiSIEM has the capability to do performance monitoring for the devices through the CMDB, and if an agent is installed on endpoints or servers, we can do file integrity monitoring as well, which is a key feature of FortiSIEM. With the help of the inbuilt UEBA feature in FortiSIEM we can get complete logs of end-user behavior and get more details on the incidents happening in the organization.

"Exabeam Fusion: Redefining SIEM with Gen-AI Integration"

Our overall experience with Exabeam Fusion has been brilliant. From threat analysis to custom correlation rules, Fusion is more user-friendly. Also, with the recent AI integration, it has taken a step forward, and they are one of the first vendors to integrate Gen-AI with SIEM.

"12-Year Journey with ArcSight: A Comprehensive Evaluation"

Started using ArcSight some 12 years back and I must say it has not disappointed me. Being the first SIEM solution I have worked on makes it close to my heart. Also, the way the product has evolved over the years and the amount of flexibility it provides is way beyond the expectations of any user using SIEM solutions. The connectors, log ingestion support for a wide variety of log sources, and flexibility of modifying configurations of connector parameters to meet our requirements are a few standout features from an ingestion point of view. The Active Channels to search for logs with filters and inline filters are really helpful. The feasibility of creating our own dashboards adds to better visibility for the SOC room. Now comes the most important feature, i.e. correlation. With a powerful correlation engine, the extent to which rules can be created gives me immense satisfaction. Now the rules and ARB packages are available in the marketplace, which gives a better understanding of use case coverage and helps in ensuring that applicable use cases are in place. Be it network modeling or segregating the devices based on Zones, the solution provides 360 views of what is happening in the environment and how best it can be protected. Last but not least, the ease with which the custom connectors can be built and tested in this solution is very satisfying. It supports literally all the different log formats, and after going through raw logs, custom connector creation and normalization seem to be a piece of cake. In a nutshell, the number of features ArcSight ESM possesses is something which everyone can keep on learning, no matter how long they have worked on this product.

"Exploring Splunk: The Integral Player in Cybersecurity"

As a cybersecurity professional, I have found Splunk invaluable, being one of the top SIEM tools on the market. Very intuitive, easy to analyze with, and my job wouldn't be possible without it.

"ADAudit Plus - My Single Most Used Support Tool"

All too often these days I feel that any of our vendors who are true giants in the IT world just look at anything below a mega-corporation as small potatoes not worth a great deal of their time, and you often end up in a take-it-or-leave-it situation with them. This has not been my experience with ManageEngine. Working with them is like working with a smaller company who still has the personal touch. Reaching someone in their support group when I need to is fast and easy, they go out of their way to accommodate customization requests, and they have really been responsive to everything I have ever needed. They are simply my favorite vendor to work with, as I know I will get the support and assistance I need every time.

"Why would you NOT use Graylog?"

It's easy to figure out and has a very nice interface! It has a lot of nice features, both for those that like to dig into the logs and for management to view dashboards.

"Exceeding Expectations with Sentinel in Cybersecurity Management"

My overall experience with Sentinel has been extremely positive. This powerful tool has consistently exceeded my coworkers' and my expectations. The platform is extremely user-friendly, the community is always active, the GitHub repo is always up to date, and the training provided by Sentinel experts is great. The ease of use, paired with great threat protection and detection capabilities, is what I think makes this tool an "industry standard tool".

"Versatile Product Offers Lightning Fast Searches and Helpful Sales Team"

Outstanding product and extremely good Sales Engineering team.

"Unified Security Management with capability for most security needs"

It is Unified Security Management Anywhere, providing many features: threat detection, incident response, compliance management, vulnerability assessment, asset discovery and file integrity monitoring.

"Navigating the Ease and Hitches of Product Setup"

Great experience. Easy to use. The software was affordable, and the general installation was simple. Make sure your system has enough resources, though.


Frequently Asked Questions

What does a Security Information and Event Management (SIEM) tool do?

A SIEM tool is used by security and risk management leaders to support attack detection, investigation, response, and compliance needs by:

  • Collecting security event logs and telemetry in real-time for threat detection and compliance use cases.

  • Analyzing telemetry in real-time and over time to detect attacks and other activities of interest.

  • Investigating incidents to determine their potential severity and impact on a business.

  • Producing reports on these activities.

  • Storing relevant events and logs.


What are the core functions of SIEM technologies?

SIEM technologies provide core SIM (Security Information Management) and SEM (Security Event Management) functions, along with a variety of advanced features and complementary solutions and capabilities. Some examples of core functions are:

  • Data aggregation: Collect security event logs and telemetry in real-time for threat detection and compliance use cases.

  • Analysis: real-time analysis of events for security monitoring, advanced analysis of user and entity behaviors, ad hoc querying, and long-range analytics for historical analysis.

  • Support for incident investigation and management.

  • Reporting (for example, for compliance requirements).


How does SIEM technology work?

SIEM technology collects and analyzes event logs produced by networks, devices, systems, and applications. The primary data source has been time-series log data, but advanced SIEM solutions also monitor logs in real time and use other types of data (e.g., Active Directory [AD], configuration management database [CMDB], vulnerability management data, HR information, and threat intelligence) to add context about users, IT assets, data, applications, threats, and vulnerabilities.
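The following is a worked example added to this page, not code from any of the vendors reviewed above. It shows in miniature what the answers above describe: raw lines from three differently formatted sources are normalized to one schema, enriched with CMDB-style asset context and a threat-intelligence IP list, and then run through two correlation rules (a brute-force-then-success sequence, and a successful logon from a listed IP). Every log line, the asset table, the intel list and the field names mimicking Windows 4624/4625 and CloudTrail-style JSON are constructed for illustration; the syslog lines carry no year, so the example assumes 2024.

```python
"""Toy SIEM pipeline: aggregate, normalize, enrich, correlate.

Constructed example for illustration; no real logs, hosts or IPs are used.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SYSLOG_YEAR = 2024  # assumption: classic syslog timestamps carry no year

# Constructed raw events from three sources: sshd syslog, a Windows-style
# key=value export (4624 = logon success, 4625 = logon failure) and a
# CloudTrail-like JSON record. Addresses are from documentation ranges.
RAW_EVENTS = [
    "Mar 12 09:00:01 web01 sshd[2001]: Failed password for alice from 198.51.100.7 port 50001 ssh2",
    "Mar 12 09:00:05 web01 sshd[2001]: Failed password for alice from 198.51.100.7 port 50002 ssh2",
    "Mar 12 09:00:09 web01 sshd[2001]: Failed password for alice from 198.51.100.7 port 50003 ssh2",
    "Mar 12 09:00:14 web01 sshd[2001]: Accepted password for alice from 198.51.100.7 port 50004 ssh2",
    "time=2024-03-12T09:01:00Z host=dc01 EventID=4624 user=bob src=10.0.0.5",
    '{"eventTime":"2024-03-12T09:02:00Z","eventName":"ConsoleLogin",'
    '"userIdentity":{"userName":"carol"},"sourceIPAddress":"203.0.113.9",'
    '"responseElements":{"ConsoleLogin":"Success"}}',
    "time=2024-03-12T09:03:00Z host=dc01 EventID=4625 user=bob src=10.0.0.5",
]

# Constructed context sources standing in for a CMDB and a threat-intel feed.
ASSETS = {"web01": {"criticality": "high"}, "dc01": {"criticality": "critical"}}
THREAT_INTEL_IPS = {"203.0.113.9"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
KV_RE = re.compile(r"(\w+)=(\S+)")


def _iso(ts):
    """Parse an ISO-8601 timestamp; tolerate the trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize(raw):
    """Map one raw line from any supported source onto a common schema.

    Returns None for lines no parser claims, so unknown formats are dropped
    visibly rather than silently mis-parsed.
    """
    m = SYSLOG_RE.match(raw)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts.replace(tzinfo=timezone.utc), "host": m["host"],
                "user": m["user"], "src_ip": m["ip"], "action": "logon",
                "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    if raw.startswith("{"):
        d = json.loads(raw)
        ok = d.get("responseElements", {}).get("ConsoleLogin") == "Success"
        return {"ts": _iso(d["eventTime"]), "host": "aws",
                "user": d["userIdentity"]["userName"], "src_ip": d["sourceIPAddress"],
                "action": "logon", "outcome": "success" if ok else "failure"}
    if raw.startswith("time="):
        kv = dict(KV_RE.findall(raw))
        return {"ts": _iso(kv["time"]), "host": kv["host"], "user": kv["user"],
                "src_ip": kv["src"], "action": "logon",
                "outcome": "success" if kv["EventID"] == "4624" else "failure"}
    return None


def enrich(ev):
    """Attach asset criticality and a threat-intel flag to a normalized event."""
    ev = dict(ev)
    ev["asset_criticality"] = ASSETS.get(ev["host"], {}).get("criticality", "unknown")
    ev["src_on_intel_list"] = ev["src_ip"] in THREAT_INTEL_IPS
    return ev


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Run two detections over the time-ordered, enriched event stream.

    1. brute_force_success: at least `threshold` failures from one source IP
       within `window`, followed by a success from that IP.
    2. logon_from_intel_ip: any successful logon from an IP on the intel list.
    """
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of failed logons
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["src_ip"]
        if ev["outcome"] == "failure":
            failures[ip].append(ev["ts"])
            continue
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute_force_success", "src_ip": ip, "user": ev["user"],
                           "host": ev["host"], "failures": len(recent),
                           "asset_criticality": ev["asset_criticality"]})
        failures[ip] = []  # a success closes the window for that source
        if ev["src_on_intel_list"]:
            alerts.append({"rule": "logon_from_intel_ip", "src_ip": ip,
                           "user": ev["user"], "host": ev["host"]})
    return alerts


def run_pipeline(raw_lines=RAW_EVENTS):
    """Aggregate -> normalize -> enrich -> correlate; returns (events, alerts)."""
    events = [enrich(ev) for ev in map(normalize, raw_lines) if ev]
    return events, correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline()[1]:
        print(alert)
```

The point of the normalization step is that the correlation rule is written once, against `src_ip`, `user` and `outcome`, and applies equally to the SSH, Windows and cloud events; the enrichment step is what lets an analyst triage the brute-force alert by asset criticality instead of by hostname alone. In a production SIEM the same stages exist, but the parsers are vendor-supplied (DSMs, connectors, pipelines) and the window state is kept in a streaming engine rather than an in-memory dict.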


What are SIEM alternatives?

The cost of purchasing and deploying SIEM products has led organizations to explore other security analytics technologies and alternative approaches to detect and respond to attacks. These alternatives include:

  • Event collection and analytics platforms: These products can serve both SIEM and non-security use cases and may offer simpler cost allocation, though the full capabilities of a SIEM product may not be available.

  • Extended detection and response (XDR) products: XDR platforms offer automated, hands-off capabilities within the product to organizations that are willing to commit to vendor-defined and vendor-managed threat detection and response.

  • Managed detection and response (MDR) services: MDR providers investigate, validate, and respond to security events on the customer's behalf, rather than escalating them to the customer.


What do Peer Insights reviewers recommend for implementing SIEM solutions?

Peer Insights reviewers share their experiences implementing SIEM solutions and the advice they would give to other prospective customers. Below are some of the top recommendations:

  • Conduct a requirements analysis for the SIEM solution and obtain executive sponsorship.

  • Analyze use cases and licensing against the SIEM requirements, and evaluate multiple vendors via exhaustive proofs of concept (POCs).

  • Structure the organization’s data and create a SIEM architecture before integration.

  • Augment the implementation by soliciting vendor assistance, and dedicate internal teams to drive adoption.

  • Cultivate SIEM skills by investing in training sessions for end-users.