Security Information and Event Management (SIEM) Reviews and Ratings

This is one of the best products on the market. Our overall experience is truly amazing. This SIEM product has all the best what logs agregators can do. Scalability is at the highest level, search head performance is one of the fastest. Splunk supports a huge amount of the applications which one can configure with the universal forwarders and deploy on the servers. It is really hard to find anything on the market similar to this platform with that amount of professionalism visible on each aspect of that SIEM system.

LogRhythm SIEM helps our company enrich data with contextual information using pre identified threats and vulnerabilities. It helps us meet regularly requirements and helps streamline audit processes. It has amazing dashboard which shows actionable insights

As a SOC admin at my organization, my overall experience with the QRadar (7.5) has been positive. The platform offers robust threat detection capabilities and comprehensive log management, which are essential for our Security Ops. The user interface is intuitive and user friendly and making it easier to navigate and configure. However, occasional parsing issues and DSM related but can be overcome by customization. QRadar significantly enhanced our ability to monitor and respond to security incidents effectively. Additionally, the support documentation provided are quite helpful in resolving any issues promptly. Overall, QRadar is a reliable and powerful tool for our security needs. Qradar and its easy deployment of EC EP and Console (that is also All-in-one) is widely used in the organizations and in our company which makes the events and flows to fetch easily and smoothly.

Splunk is one of the market leaders in the SIEM segment for a reason. The ability of log ingestion, parsing and analysis is truly exceptional. It has a great user friendly dashboard which helps you in correlating and analyzing different kinds of logs from multiple different tools. The implementation is also simple. The alerting mechanism is impressive too. Overall the features, services, ease of operation, advancement of Splunk make it a top choice for customers in Cyber security and other domains as well.

Trellix Security Manager is an easy to use security software that helps prevent against viruses and threats on emails, applications, etc. It provides easy to read reports and can be used on both computers and smartphones.

Very happy with our overall experience, the onboarding team tried to tailor the process around our needs, the support team has been generally very responsive to our requests, and the product itself has a lot of functionality out-of-the-box, while giving us the capabilities to create very specific and complex use-cases for our organization.

When we first start looking for a product to help with log ingestion, Elastic (ELK Stack) was the only vendor that provided the features we were looking for at a reasonable cost. Ever since then it has been a wonderful experience dealing with the company and the product.

After years of search of a good SIEM and testing some ones, we found LogPoint as a SIEM that our requirements fullfill.

The overall experience with Rapid7 is exceptional. The support & engineering team work efficiently to resolve problems/issues should any arise in a timely manner. The integrations to ingest data from other solutions natively are simple and Rapid7 also supports ingestion of raw data if the integrations exist. Rapid7 also accepts ideas from its customers, and if accepted they plan a roadmap to develop the feature within the product.

The overall experience with the product is great. SolarWinds Security Event Manager is a ready-to-use and affordable solution. Easy to use and simple interface with important information makes it more useful for day to day job

Outstanding product with lots of integrated features to make threat hunting simpler and more exciting for an Analyst. FortiSIEM has the capability to do performance monitoring for the devices through CMDB and if an agent is installed on endpoints or servers, we can do File integrity monitoring as well which is a key feature of FortiSIEM. With the help of the inbuilt UEBA feature in FortiSIEM we can get complete logs of end-user behavior and get more details on the incidents happening in the organization.

Our overall experience with Exabeam Fusion has been brilliant. From threat analysis to custom correlation rules, fusion is more friendly. Also, with the recent AI integration, it has taken a step forward and are one of the first vendors to integrate Gen-AI with SIEM

Started using ArcSight some 12 years back and I must say it has not disappointed me. Being the 1st SIEM solution I have worked on makes it close to my heart. Also, the way the product has evolved over the years and the amount of flexibility it provides is way beyond the expectations of any user using SIEM solutions. The connectors, log ingestion support for a wide variety of log sources, and flexibility of modifying configurations of connector parameters to meet our requirements are a few standout features from an ingestion point of view. The Active channels to search for logs with filters and inline filters are really helpful. Feasibility of creating our own dashboards adds on to better visibility for the SOC room. Now comes the most important feature i.e. correlation. With a powerful correlation engine, the extent to which rules can be created gives me immense satisfaction. Now the rules and arb packages are available in the marketplace which gives a better understanding of use case coverage and help in ensuing that applicable use cases are in place. Be it network modeling or segregating the devices based on Zones, the solution provides 360 views of what is happening the environment and how best it can be protected. Last but not least, the ease with which the custom connectors can be built and tested in this solution is very satisfying. This supports literally all the different log formats and post going through raw logs, custom connector creation, and normalization seems to be a piece of cake. In a nutshell, the number of features ArcSight ESM possessed is something which everyone can keep on learning no matter how long they have worked on this product.

Exceptional products with Cisco backing them. I am very happy with the purchase and would recommend it to colleagues.

The overall experience with ADAudit Plus has been very positive because it allows proactive and responsive monitoring and auditing of changes in the Active Directory environment. It provides valuable insights for network security and regulatory compliance.

Among syslogs, I thing Graylog is the best one. The free version allows to do anything you need to collect logs, create dashboard, do searches, download data and receive alert. You can also use Graylog with Grafana for better graphic results. Installing and configuring Graylog is easy, as there is a lot of documentation on internet, you will need a Linux machine. Then you add users (e.g. readers or admins) and configure your inputs (generally syslog udp and beats for sidecar) and then indices and streams, to better direct your flux of logs. Remember to set the way the indices will rotate (e.g. number or log or the index size) and the number. Be sure to have enough disk space. You can collect syslog from windows and linux machines, and from many equipment (switches, firewalls, PBX...). Speaking about Sidecars you should create new collectors configuration to better meet the syslog data you need to collect. You will use WinlogBeat and Filebeat for Windows, and Filebeat for Linux. The Sidecars overview will show you the status of every machine (should be running). In the search section all the data you are collecting is shown; the search line use Lucene Synthax, you can save and load the searches without the need to rewrite them every time, and refine the results. You can configure alerts if some conditions are met and receive them via email. If some system alerts happen, you will see a number next to system/overview section (e.g. the version is old, or there is not enough space to store data). In case of need there are many forums to look at for solutions and/or improvements. You can also add many free plugin. The paid version will offer more features such as the security plugin for a better detection of any kind of threat or anomalies. I must say, it's a great product.

My overall experience with Sentinel has been extremely positive. This powerful tool has consistently exceeded me and my coworkers expectations. The platform is extremely user friendly, the community is always active, the GitHub repo is always up to date and the training provided by sentinel experts is great. The ease of use, paired with great threat protection and detection capabilities are what I think make this tool an "Industry Standard Tool"

Nice product and great team, enabled all the required features to support our needs, solutions are built for cloud native adoption terraform modules developed and enabled. OTEL tracing is another great opportunity. Close to opensource adoption, SIEM is a great product with up to date algorithms.

It is Unified Security Management Anywhere providing many features Threat detection, Incident response, compliance management, vulnerability assessment, asset discovery, file integrity monitoring

Great experience. Easy to use. Software was affordable, and the general installation was simple. Make sure your system has enough resources though.