We performed a comparison between Exabeam Fusion SIEM and ThreatQ based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The UI-based analytics are excellent."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The pricing of the product is excellent."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"It's a very user-friendly product and it's a very comprehensive technology."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The solution's initial setup process is easy."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"The setup is not difficult. It was easy."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The advanced analytics has a really great overview of user behavior."
"Integrating the solution with our existing security tools and workflows was easy."
"The reporting services are great. With reporting services, if you have customers that just visit a URL you can see the result - including why it's blocked and how and how the URL was first recognized as malicious."
"There is room for improvement in entity behavior and the integration site."
"The on-prem log sources still require a lot of development."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The organzation is rigid and not flexible in the way they operate"
"I believe if it were more flexible it would be a better product."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"We still have questions surrounding hardware deployment."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"They should provide detailed information about detecting phishing emails."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"The solution should be simpler for the end-user in terms of reporting and navigating the product."
"The tool is not user-friendly."
Exabeam Fusion SIEM is ranked 12th in Security Orchestration Automation and Response (SOAR) with 10 reviews while ThreatQ is ranked 23rd in Security Orchestration Automation and Response (SOAR) with 2 reviews. Exabeam Fusion SIEM is rated 8.0, while ThreatQ is rated 7.0. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of ThreatQ writes "Improves the threat intelligence gathering process, but it is not user-friendly". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Splunk User Behavior Analytics, Palo Alto Networks Cortex XSOAR and Gurucul UEBA, whereas ThreatQ is most compared with ThreatConnect Threat Intelligence Platform (TIP), Anomali ThreatStream, Recorded Future and Palo Alto Networks Cortex XSOAR.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.