SIEM is a configurable security system of record that aggregates and analyzes security event data from on-premises and cloud environments. SIEM assists with response actions that mitigate issues causing harm to the organization and with satisfying compliance and reporting requirements. The security information and event management (SIEM) system must assist with:
1. Aggregating and normalizing data from various IT and operational technology (OT) environments
2. Identifying and investigating security events of interest
3. Supporting manual and automated response actions
4. Maintaining and reporting on current and historical security events
"SIEM Product Breakthrough: Unparalleled Scalability and Performance"
This is one of the best products on the market. Our overall experience is truly amazing. This SIEM product has all the best of what log aggregators can do. Scalability is at the highest level, and search head performance is one of the fastest. Splunk supports a huge number of applications, which one can configure with the universal forwarders and deploy on the servers. It is really hard to find anything on the market similar to this platform with that amount of professionalism visible in each aspect of the SIEM system.
"LogRhythm SIEM review"
LogRhythm SIEM helps our company enrich data with contextual information using pre-identified threats and vulnerabilities. It helps us meet regulatory requirements and helps streamline audit processes. It has an amazing dashboard that shows actionable insights.
"Unveiling QRadar's Impact on Security Operations"
As a SOC admin at my organization, my overall experience with QRadar (7.5) has been positive. The platform offers robust threat detection capabilities and comprehensive log management, which are essential for our Security Ops. The user interface is intuitive and user-friendly, making it easier to navigate and configure. However, occasional parsing and DSM-related issues occur, but they can be overcome by customization. QRadar significantly enhanced our ability to monitor and respond to security incidents effectively. Additionally, the support documentation provided is quite helpful in resolving any issues promptly. Overall, QRadar is a reliable and powerful tool for our security needs. QRadar, with its easy deployment of EC, EP and Console (also available as an All-in-One), is widely used in organizations including our company, which makes events and flows easy and smooth to fetch.
"Splunk: The Market Leader Shaping the Landscape of SIEM Segment"
Splunk is one of the market leaders in the SIEM segment for a reason. Its ability to ingest, parse and analyze logs is truly exceptional. It has a great user-friendly dashboard which helps you correlate and analyze different kinds of logs from multiple different tools. The implementation is also simple. The alerting mechanism is impressive too. Overall, the features, services, ease of operation, and advancement of Splunk make it a top choice for customers in cybersecurity and other domains as well.
"Trellix Security Solution"
Trellix Security Manager is easy-to-use security software that helps protect against viruses and threats in emails, applications, etc. It provides easy-to-read reports and can be used on both computers and smartphones.
"Complex Use-Cases Made Easy With High Functionality Product"
Very happy with our overall experience: the onboarding team tried to tailor the process around our needs, the support team has been generally very responsive to our requests, and the product itself has a lot of functionality out of the box, while giving us the capabilities to create very specific and complex use cases for our organization.
"Taming Complexities of Log Ingestion with Elastic (ELK Stack)"
When we first started looking for a product to help with log ingestion, Elastic (ELK Stack) was the only vendor that provided the features we were looking for at a reasonable cost. Ever since then it has been a wonderful experience dealing with the company and the product.
"Easy to use, powerful configuration and reporting possibilities"
After years of searching for a good SIEM and testing several, we found LogPoint to be a SIEM that fulfills our requirements.
"Rapid7: Next-Gen Powerhouse Adapting to New Security Attacks with Sophisticated Measures"
The overall experience with Rapid7 is exceptional. The support and engineering teams work efficiently to resolve problems/issues in a timely manner, should any arise. The integrations to ingest data from other solutions natively are simple, and Rapid7 also supports ingestion of raw data if the integrations exist. Rapid7 also accepts ideas from its customers, and if accepted, they plan a roadmap to develop the feature within the product.
"SolarWinds Security Event Manager: An Affordable, Easy-to-Use Solution"
The overall experience with the product is great. SolarWinds Security Event Manager is a ready-to-use and affordable solution. An easy-to-use and simple interface with important information makes it more useful for the day-to-day job.
"Unpacking the Integrated Capabilities of FortiSIEM for Efficient Incident Reporting..."
Outstanding product with lots of integrated features to make threat hunting simpler and more exciting for an analyst. FortiSIEM has the capability to do performance monitoring for the devices through the CMDB, and if an agent is installed on endpoints or servers, we can do file integrity monitoring as well, which is a key feature of FortiSIEM. With the help of the inbuilt UEBA feature in FortiSIEM we can get complete logs of end-user behavior and get more details on the incidents happening in the organization.
"Exabeam Fusion: Redefining SIEM with Gen-AI Integration"
Our overall experience with Exabeam Fusion has been brilliant. From threat analysis to custom correlation rules, Fusion is more friendly. Also, with the recent AI integration, it has taken a step forward, and they are one of the first vendors to integrate Gen-AI with SIEM.
"12-Year Journey with ArcSight: A Comprehensive Evaluation"
Started using ArcSight some 12 years back and I must say it has not disappointed me. Being the first SIEM solution I have worked on makes it close to my heart. Also, the way the product has evolved over the years and the amount of flexibility it provides is way beyond the expectations of any user of SIEM solutions. The connectors, log ingestion support for a wide variety of log sources, and the flexibility of modifying connector parameter configurations to meet our requirements are a few standout features from an ingestion point of view. The Active Channels to search for logs with filters and inline filters are really helpful. The feasibility of creating our own dashboards adds better visibility for the SOC room. Now comes the most important feature, i.e. correlation. With a powerful correlation engine, the extent to which rules can be created gives me immense satisfaction. Now the rules and ARB packages are available in the marketplace, which gives a better understanding of use case coverage and helps in ensuring that applicable use cases are in place. Be it network modeling or segregating the devices based on zones, the solution provides 360-degree views of what is happening in the environment and how best it can be protected. Last but not least, the ease with which custom connectors can be built and tested in this solution is very satisfying. It supports literally all the different log formats, and after going through raw logs, custom connector creation and normalization seem to be a piece of cake. In a nutshell, the number of features ArcSight ESM possesses is something which everyone can keep on learning, no matter how long they have worked on this product.
"Cisco's Outstanding Products: A Journey of Satisfaction"
Exceptional products with Cisco backing them. I am very happy with the purchase and would recommend it to colleagues.
"ADAudit Plus: Enhancing Network Security and Regulatory Compliance"
The overall experience with ADAudit Plus has been very positive because it allows proactive and responsive monitoring and auditing of changes in the Active Directory environment. It provides valuable insights for network security and regulatory compliance.
"Graylog is the best syslog"
Among syslogs, I think Graylog is the best one. The free version allows you to do anything you need to collect logs, create dashboards, do searches, download data and receive alerts. You can also use Graylog with Grafana for better graphic results. Installing and configuring Graylog is easy, as there is a lot of documentation on the internet; you will need a Linux machine. Then you add users (e.g. readers or admins) and configure your inputs (generally syslog UDP and Beats for Sidecar), and then indices and streams, to better direct your flux of logs. Remember to set the way the indices will rotate (e.g. the number of logs or the index size) and their number. Be sure to have enough disk space. You can collect syslog from Windows and Linux machines, and from many kinds of equipment (switches, firewalls, PBX...). Speaking about Sidecars, you should create new collector configurations to better match the syslog data you need to collect. You will use Winlogbeat and Filebeat for Windows, and Filebeat for Linux. The Sidecars overview will show you the status of every machine (should be running). In the search section all the data you are collecting is shown; the search line uses Lucene syntax, and you can save and load the searches without the need to rewrite them every time, and refine the results. You can configure alerts if some conditions are met and receive them via email. If some system alerts happen, you will see a number next to the System/Overview section (e.g. the version is old, or there is not enough space to store data). In case of need there are many forums to look at for solutions and/or improvements. You can also add many free plugins. The paid version will offer more features such as the security plugin for better detection of any kind of threat or anomaly. I must say, it's a great product.
"Exceeding Expectations with Sentinel in Cybersecurity Management"
My overall experience with Sentinel has been extremely positive. This powerful tool has consistently exceeded my coworkers' and my expectations. The platform is extremely user-friendly, the community is always active, the GitHub repo is always up to date, and the training provided by Sentinel experts is great. The ease of use, paired with great threat protection and detection capabilities, is what I think makes this tool an "Industry Standard Tool".
"Empowering Cloud Native Adoption with Terraform Modules"
Nice product and great team; they enabled all the required features to support our needs. Solutions are built for cloud-native adoption, with Terraform modules developed and enabled. OTEL tracing is another great opportunity. Close to open-source adoption, the SIEM is a great product with up-to-date algorithms.
"Unified Security Management with the capability to cover most security needs"
It is Unified Security Management Anywhere, providing many features: threat detection, incident response, compliance management, vulnerability assessment, asset discovery, and file integrity monitoring.
"Navigating the Ease and Hitches of Product Setup"
Great experience. Easy to use. Software was affordable, and the general installation was simple. Make sure your system has enough resources though.
A SIEM tool is used by security and risk management leaders to support the needs of attack detection, investigation, response, and compliance solutions by:
Collecting security event logs and telemetry in real-time for threat detection and compliance use cases.
Analyzing telemetry in real-time and over time to detect attacks and other activities of interest.
Investigating incidents to determine their potential severity and impact on a business.
Producing reports on these activities.
Storing relevant events and logs.
SIEM technologies provide core SIM (Security Information Management) and SEM (Security Event Management) functions, along with a variety of advanced features and complementary solutions and capabilities. Some examples of core functions are:
Data aggregation: Collect security event logs and telemetry in real-time for threat detection and compliance use cases.
Real-time analysis of events for security monitoring, advanced analysis of user and entity behaviors, querying, and long-range analytics for historical analysis.
Support for incident investigation and management.
Reporting (for example, for compliance requirements).
SIEM technology collects and analyzes event logs produced by networks, devices, systems, and applications. The primary data source has been time-series log data, but there are also advanced SIEM solutions that monitor logs in real time and use other types of data (e.g., Active Directory [AD], configuration management database [CMDB], vulnerability management data, HR information, and threat intelligence) to add context about users, IT assets, data, applications, threats, and vulnerabilities.
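As an added example (not from this page or any vendor's product), the Python below walks through the core functions just described on constructed data: normalizing two log formats onto one schema, enriching each event with CMDB asset context, and running a correlation rule over the result. The log lines, the Windows event fields used, the CMDB table, the regex and the failure threshold are all assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): Linux sshd syslog lines and Windows logon events.
SYSLOG = [
    "2024-03-10T08:00:01 web01 sshd[1201]: Failed password for alice from 203.0.113.7 port 5123 ssh2",
    "2024-03-10T08:00:04 web01 sshd[1201]: Failed password for alice from 203.0.113.7 port 5124 ssh2",
    "2024-03-10T08:00:09 web01 sshd[1201]: Failed password for alice from 203.0.113.7 port 5125 ssh2",
    "2024-03-10T08:00:15 web01 sshd[1202]: Accepted password for alice from 203.0.113.7 port 5126 ssh2",
]
WINEVT = [  # 4625 = failed logon, 4624 = successful logon
    {"TimeCreated": "2024-03-10T08:01:10", "Computer": "dc01", "EventID": 4625,
     "TargetUserName": "bob", "IpAddress": "198.51.100.9"},
    {"TimeCreated": "2024-03-10T08:30:00", "Computer": "dc01", "EventID": 4624,
     "TargetUserName": "bob", "IpAddress": "198.51.100.9"},
]
CMDB = {"web01": "medium", "dc01": "high"}  # hypothetical asset criticality used for enrichment
SSH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(syslog_lines, winevt_records):
    """Map both sources onto one schema (ts, host, user, src_ip, outcome) and enrich from the CMDB."""
    events = []
    for line in syslog_lines:
        m = SSH_RE.match(line)
        if not m:
            continue  # a real SIEM would route unparsed lines to a parse-failure bucket
        ts, host, verb, user, ip = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                       "src_ip": ip, "outcome": "failure" if verb == "Failed" else "success"})
    for r in winevt_records:
        events.append({"ts": datetime.fromisoformat(r["TimeCreated"]), "host": r["Computer"],
                       "user": r["TargetUserName"], "src_ip": r["IpAddress"],
                       "outcome": "failure" if r["EventID"] == 4625 else "success"})
    for e in events:
        e["criticality"] = CMDB.get(e["host"], "unknown")
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: a success preceded by >= threshold failures for the same user and src_ip within window."""
    alerts = []
    for i, e in enumerate(events):
        if e["outcome"] != "success":
            continue
        fails = [p for p in events[:i] if p["user"] == e["user"] and p["src_ip"] == e["src_ip"]
                 and p["outcome"] == "failure" and e["ts"] - p["ts"] <= window]
        if len(fails) >= threshold:
            alerts.append({"user": e["user"], "src_ip": e["src_ip"], "host": e["host"],
                           "failures": len(fails), "criticality": e["criticality"]})
    return alerts
```

Running `correlate(normalize(SYSLOG, WINEVT))` yields one alert for alice on web01; bob's single failure falls outside the window and below the threshold, so no alert is raised for dc01.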
The cost of purchasing and deploying SIEM products has led organizations to explore other security analytics technologies and alternative approaches to detect and respond to attacks. These alternatives include:
Event collection and analytics platforms: Event collection and analytics products can serve both SIEM and non-security use cases, and they may also provide easier cost allocation methods. The full capabilities of a SIEM product may not be available, though.
Extended detection and response products: Extended detection and response platforms offer automated, hands-off capabilities within the products to organizations that are willing to commit to vendor-defined and vendor-managed threat detection and response solutions.
Managed detection and response services: Providers of managed detection and response services investigate, validate, and respond to security events, rather than escalating them to the customers.
Peer Insights reviewers share their experiences with implementing SIEM solutions and highlight what advice they would give to other prospective customers. Below are some of the top recommendations:
Conduct a requirements analysis for a SIEM Solution and obtain executive sponsorship.
Analyze use cases and licenses based on SIEM requirements and evaluate multiple vendors via exhaustive POCs.
Structure the organization’s data and create a SIEM architecture before integration.
Augment the implementation by soliciting vendor assistance, and dedicate internal teams to drive adoption.
Cultivate SIEM skills by investing in training sessions for end-users.