We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Logz.io based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"We have no complaints about the features or functionality."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The UI-based analytics are excellent."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The feature that I have found the most useful is that it can be deployed to the cloud."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"We have been satisfied with the support."
"ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors."
"The webpage algorithm is the most valuable feature because it was the fastest feature for searching the logs, events, and correlation."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
"InsightOne is the main reason why we use LogMeIn. This is mostly because of log data that we are pushing tools and logs in general."
"The tool is simple to setup where it is just plug and play. The tool is reliable and we never had any performance issues."
"It is massively useful and great for testing. We can just go, find logs, and attach them easily. It has a very quick lookup. Whereas, before we would have to go, dig around, and find the server that the logs were connected to, then go to the server, download the log, and attach it. Now, we can just go straight to this solution, type in the log ID and server ID, and obtain the information that we want."
"We use the product for log collection and monitoring."
"The query mechanism for response codes and application health is valuable."
"The visualizations in Kibana are the most valuable feature. It's much more convenient to have a visualization of logs. We can see status really clearly and very fast, with just a couple of clicks."
"We use the tool to track the dev and production environment."
"The other nice thing about Logz.io is their team. When it comes to onboarding, their support is incredibly proactive. They bring the brand experience from a customer services perspective because their team is always there to help you refine filters and tweak dashboards. That is really a useful thing to have. Their engagement is really supportive."
"We'd like to see more connectors."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The only thing is sometimes you can have a false positive."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"The customer experience could be improved."
"They also could improve the product by integrating user and identity behavior analytics."
"The stability isn't quite perfect. We occasionally run into problems."
"HPE ArcSight has a quite steep learning curve."
"ArcSight ESM could improve the alerts for the storage capacities or actions."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
"The solution needs to expand its access control and make it accessible through API."
"When it comes to reducing our troubleshooting time, it depends. When there are no bugs in Logz.io, it reduces troubleshooting by 5 to 10 percent. When there are bugs, it increases our troubleshooting time by 200 percent or more."
"I would like them to improve how they manage releases. Some of our integrations integrate specifically with set versions. Logz.io occasionally releases an update that might break that integration. On one occasion, we found out a little bit too late, then we had to roll it back."
"The price can be cheaper and they should have better monitoring."
"Capacity planning could be a little bit of a struggle."
"The solution needs to improve its data retention. It should be greater than seven days. The product needs to improve its documentation as well."
"The product needs improvement from a filtering perspective."
"I would like granularity on alerting so we can get tentative alerts and major alerts, then break it down between the two."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Logz.io is ranked 27th in Security Information and Event Management (SIEM) with 8 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Logz.io is rated 8.2. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Logz.io writes "The solution is a consistent logging platform that provides excellent query mechanisms". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Wazuh, whereas Logz.io is most compared with Datadog, Wazuh, Coralogix, Splunk Enterprise Security and ManageEngine File Audit Plus. See our ArcSight Enterprise Security Manager (ESM) vs. Logz.io report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
