We performed a comparison between ArcSight Logger, LogRhythm SIEM, and USM Anywhere based on real PeerSpot user reviews.
"We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist."
"The solution provides information about the risk factors."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"The most valuable feature is the search capability, which is simple to use."
"The technical support team is good... It is a scalable solution."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"I like LogRhythm's ease of use. The solution has improved compared to previous versions. It had many issues before, like integration, the console, creating reports, false positives, etc. The AI engine has made it stronger in the latest version."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"The user interface is good."
"Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default."
"We should be able to respond to threats and gain visibility into our environment that we don't currently have."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"AXON has the ability to add and compare use cases."
"The solution is stable."
"Its powerful correlation engine helps reduce time in manually correlating events."
"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards are very nice and customizable."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"The vulnerability manager and the file integration are very good."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"We have had problems with archiving."
"The product's connectors should work better and the user manuals need an update."
"In the next release, I want to see more intelligence."
"Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."
"I would like to see better scheduling in the next release of this solution."
"Sometimes the Platform Manager crashes because it's built around Windows."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"The log storage capacity should be increased."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SaaS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SaaS applications. There is a whole diverse suite of SaaS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SaaS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elasticsearch engine and use less of Microsoft products."
"Right now there is the concern about being able to gather all of the data into the system."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"My big thing is the usability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome."
"The other thing is the agent is OSSEC. They needed to create their own agent to help find threats on the devices on which it happens to be installed."
"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"The price of AT&T AlienVault USM could be reduced."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"We would like more plugins. This is the main point of improvement that would benefit the users."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."