We performed a comparison between FileAudit and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Log aggregation and data connectors are the most valuable features."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The Log analytics are useful."
"Our customer acquires the complete report which is kept for future auditing purposes."
"It is a good and stable solution...It is a scalable solution."
"Alerting upon file changes is the most valuable aspect of the product."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The most valuable features include predefined use cases and threatening states."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The updates management and central management console could be improved."
"Whenever someone cuts and paste, it shows as "file is deleted"."
"The DLP function, including installation of the agent on the workstation and controlling the DLP restrictions, are areas where the product lacks."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Integrations could be improved, and the dashboard could be a little better."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"It should have more cloud connectors. It could also be cheaper."
FileAudit is ranked 38th in Security Information and Event Management (SIEM) with 3 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. FileAudit is rated 9.0, while Trellix Helix is rated 8.6. The top reviewer of FileAudit writes "A scalable SIEM solution for monitoring a user's activity in the file server". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". FileAudit is most compared with ManageEngine File Audit Plus, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and USM Anywhere. See our FileAudit vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.