We performed a comparison between ArcSight Logger, IBM Security QRadar, and Splunk Enterprise Security based on real PeerSpot user reviews.
"It is one of the best products available in the market."
"The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"The machine learning is a good feature."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"The most valuable feature is the search capability, which is simple to use."
"We haven't had any crashes or bugs. It is stable."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
"Senses, tracks, and links significant incidents and threats."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"It allows us to search data both on-premises and on the cloud."
"Search capabilities are sufficient for most tasks."
"The most valuable feature is user behavior analytics (UBA)."
"Technical support is good overall."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"I like Splunk's data aggregation and search capabilities."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult-to-understand log formats into usable data."
"It is very scalable."
"It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
"The flexibility of the solution is quite good."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"The client site login is pretty extensible and probably cost-effective."
"The solution could be improved in maintenance settings."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"The solution should make it possible to integrate network analysis features."
"The next release should have AI capabilities."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"The console in older versions is not user-friendly."
"The integration with other systems could be improved."
"Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."
"QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"Technical support really needs to be improved. Right now, they aren't where they need to be at all."
"Pricing model could be more cost-effective."
"The solution is expensive compared to other products."
"It would be good if the program allowed certain profiles to only see certain customer information."
"IBM Security QRadar lacks automated response. With this feature, there's no need to visit VirusTotal or other sites for IP reputation. There should be a small plug-in where users can click to retrieve details about the reputation and organization of public IP."
"What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
"Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements."
"The solution could improve by giving more email details."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"In terms of the interface, it could include some improvements for the look and feel."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"It will be helpful for customers if they can create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."