We performed a comparison between ManageEngine Log360 and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The machine learning and artificial intelligence on offer are great."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"We haven't had any stability issues."
"The solution could be improved by including XDR, remediation and Sandbox."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"The reporting is great. Everything you need is in the report for you already."
"ManageEngine Log360 is not difficult to deploy."
"The product is very user-friendly."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"Trellix ESM is very user-friendly."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"Compared to other solutions, the user interface is good."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"I would like to see more AI used in processes."
"The AI capabilities must be improved."
"Their technical support should be improved."
"The integration with SharePoint and Teams should be improved."
"The graphical interface could be made easier to use when you are connecting to different network equipment."
"It takes a little bit of time for Log360 to actually learn your environment."
"It is not expensive compared to other solutions."
"The solution lacks some features when compared to other products."
"The solution needs to improve hub storage. It should integrate AI and ML capabilities."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"The solution needs to improve case management. The UI is confusing."
"I would like to see improvements to the user interface."
"We cannot add new data sources to the most recent version."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"The product's stability is an area of concern where improvements are required."
"There should be support for multitenancy in the product."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
ManageEngine Log360 is ranked 24th in Security Information and Event Management (SIEM) with 15 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. ManageEngine Log360 is rated 7.2, while Trellix ESM is rated 7.4. The top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Splunk Enterprise Security, Fortinet FortiSIEM and SolarWinds Security Event Manager , whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and SQRRL. See our ManageEngine Log360 vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
