The solution helps us with the governance of attacks. We use the solution for threat identification and governance. The solution's use cases depend on the logs we ship to them because we ship all the logs of different products.
The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors. Splunk User Behavior Analytics is an easy-to-use tool.
Sometimes, we need to write explicit queries. It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries. The solution's user interface is not that good and could be improved.
I have been using Splunk User Behavior Analytics for three to four years.
I rate the solution an eight out of ten for stability.
Splunk User Behavior Analytics is a scalable solution.
The solution’s initial setup is complex.
The solution can be deployed in a couple of minutes.
We are using the latest version of Splunk User Behavior Analytics. Using the solution was difficult initially, but now it's okay. Users should not ship all logs because storing and manipulating the data is very expensive.
Overall, I rate Splunk User Behavior Analytics a seven out of ten.
One of the most valuable features of ArcSight Intelligence is its ease of use. This is not just one functionality; multiple aspects contribute to it. For instance, it's easy to write rules, and as you do so, the rules get populated automatically, making it simple to understand the commands.
The product could be improved in several areas; it currently requires significant enhancement. Compared to QRadar and Splunk, ArcSight Intelligence falls behind, placing it as the third choice among these software options.
We have been using ArcSight Intelligence for two and a half years.
We haven't found the product fully scalable. The scalability depends on the support resources provided by the partner.
The technical support team is capable of resolving issues. However, sometimes, their feedback is not sufficient to solve the problem.
Positive
I prefer Splunk because it offers more functionality and intelligence than ArcSight Intelligence.
Deployment took about a month to complete, but the final fine-tuning took longer, spanning several months. Each server and network device had different requirements, which prolonged the process. It eventually got settled in three months, approximately 90 days.
They offer perpetual licenses for the product.
We integrated this tool with our security infrastructure. We installed it on a Linux server, where we have a Logger and ESM installed. With the Linux server as the hub, we manage all the configurations and rules, including those for email triggers. The logs are routed through a connector to the Logger, allowing us to monitor our infrastructure effectively.
The platform helps us improve threat detection capabilities. I recommend it to others and rate it a seven out of ten.