We performed a comparison between FileAudit and Trellix ESM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The analytic rule is the most valuable feature."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"It is a good and stable solution...It is a scalable solution."
"Our customer acquires the complete report which is kept for future auditing purposes."
"Alerting upon file changes is the most valuable aspect of the product."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The support I have received from the vendor has been great."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The solution's technical support is great."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The product’s most valuable feature is log monitoring."
"It has performed well and delivered the results that I have been looking for."
"We'd like also a better ticketing system, which is older."
"I would like to see more AI used in processes."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"The DLP function, including installation of the agent on the workstation and controlling the DLP restrictions, are areas where the product lacks."
"The updates management and central management console could be improved."
"Whenever someone cuts and paste, it shows as "file is deleted"."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"Tech support is required each time there is a system update of the solution."
"The support from McAfee ESM could improve. They could improve the speed."
"Product currently requires Flash."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
FileAudit is ranked 38th in Security Information and Event Management (SIEM) with 3 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. FileAudit is rated 9.0, while Trellix ESM is rated 7.4. The top reviewer of FileAudit writes "A scalable SIEM solution for monitoring a user's activity in the file server". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". FileAudit is most compared with ManageEngine File Audit Plus, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.