We performed a comparison between ArcSight Logger, LogRhythm SIEM, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management.

"The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist."
"It's an efficient solution."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"We haven't had any crashes or bugs. It is stable."
"It provides in-depth information on business activities once we log into the system."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast."
"The most valuable features would be the automation, reporting, and the support."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"Compared to IBM QRadar, Splunk Enterprise Security offers faster alert resolution."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders."
"The solution's newly developed dashboard is pretty amazing."
"It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
"The initial setup isn't overly complex."
"The solution should make it possible to integrate network analysis features."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"We have had problems with archiving."
"The initial setup was a little bit complex."
"Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."
"The product's connectors should work better and the user manuals need an update."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"The integration with other systems could be improved."
"Move it to Linux. I would like to see it get off the SQL Server."
"One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"I don't think the cloud model in LogRhythm is developed enough."
"When we had version 7.2.6, there were a lot of issues deploying that version and with the indexing. The indexer was unstable. So, we were not able to use the platform when we were on that version until we were able to upgrade to 7.3.4."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
"In the next releases, I would like to see more pricing flexibility."
"Technical support needs to be more responsive."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"The product's price may be an area of concern where improvements are required."
"Deployment is not difficult but the log sources and configurations can take time."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."
"Cybersecurity and infrastructure monitoring have room for improvement."