We performed a comparison between ArcSight Intelligence and Snare based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"It has basic out-of-the-box integrations with multiple log sources."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The product has a valuable interface."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The platform helps us improve threat detection capabilities."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"The best thing about Snare is its format and consistency."
"We'd like also a better ticketing system, which is older."
"We'd like to see more connectors."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The on-prem log sources still require a lot of development."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The dashboard is not user-friendly and is in black and white."
"ArcSight Intelligence's pricing needs improvement."
"We haven't found the product fully scalable."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
ArcSight Intelligence is ranked 33rd in Security Information and Event Management (SIEM) with 5 reviews while Snare is ranked 37th in Security Information and Event Management (SIEM) with 3 reviews. ArcSight Intelligence is rated 8.0, while Snare is rated 8.0. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM) and Exabeam Fusion SIEM, whereas Snare is most compared with Splunk Enterprise Security, syslog-ng, SolarWinds Kiwi Syslog Server, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our ArcSight Intelligence vs. Snare report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.