The problem I was facing was with the UI when trying to identify the exact services and server names. The UI's left panel was not as informative as I expected. Often, when we needed to retrieve specific information or details, the UI provided a lot of information along with filter criteria. Without the filter criteria, we had to make certain changes in the Exabeam UI. For example, there were three options available to display logs: raw, execution, and view. When selecting "raw," we obtained comprehensive information, but some details were repetitive, such as the server name, service name, method, and agent activities at different times. Although we could access this information, it took time to identify the exact log statement, especially in the case of exception-related log statements. Determining the timestamp at which a particular log was ingested posed a challenge.

This improvement will assist our developers in precisely identifying their logs. Even though you have provided a bar to create a customized dashboard for verifying logs of any service, there is still a problem. If a log is generated on the production server, let's say at 8:30 PM IST or at the present time, it takes a few seconds to be ingested into Exabeam Cloud. However, in the company, Exabeam always shows repetitive logs if my log file hasn't been generated. For example, if nothing has been logged or no action has been performed on the application for the past two hours, my log file will be empty. But still, by default, the agent collectors will check the specific location we configured for log ingestion. If that location doesn't contain anything, the logs are displayed on the screen by default. This is why we need to filter and search through numerous timestamps to find the exact location of our logs.

Updating the new release of Exabeam Fusion SIEM takes time and slows our performance.

Exabeam Fusion SIEM's login could be better. Also, its performance could be improved by reducing the response time.

We still have questions surrounding hardware deployment. 

The solution's data lake features could be easier to understand for end users. They should also provide detailed information about detecting phishing emails and integrating another platform for development.

Adding to the number of certifications that they have, for example, ISO 27001, would be helpful. Currently, they only have SOC 2.

It's not a complete solution. It really focuses on user behavioral analytics, which is a big part of the product. It doesn't support flow analysis. Not everything is left in logs, to be conveniently reviewed. However, if they had flow analysis, it's possible you can catch a lot of hackers looking at the behavior and network flow. Things need to be cross-correlated with logs. They need real-time flow analysis.

They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however.

The product could be improved by implementing cost use cases. I believe if it were more flexible it would be a better product. 

For additional features, I'd like to see more visibility in the networking.

The product is good but the organzation is rigid and not flexible in the way they operate. Their response time is very bad. They obviously have a small team and not enough staff. They have their own priorities, it seems but the customer should be their first priority. The company really needs to improve their commitment to their customers.