IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Log Management
July 2022
Get our free report covering ManageEngine, Splunk, Fortinet, and other competitors of ManageEngine EventLog Analyzer. Updated: July 2022.
621,327 professionals have used our research since 2012.

Read reviews of ManageEngine EventLog Analyzer alternatives and competitors

Muhammad Junaid Raza - PeerSpot reviewer
Sr. Security Engineer at Ebryx
Real User
Top 20
Because it is a cloud-based deployment, we don't need to worry about hardware infrastructure
Pros and Cons
  • "Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
  • "There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."

What is our primary use case?

We work as a managed security services provider (MSSP). We have different clients who have their own security team. 

One company that I worked for recently had a security team of three people, then they hired us for 24/7 analysis and monitoring. For that, I solely worked on building this product, then there are the eight to nine people who do 24/7 monitoring and analysis.

Sentinel is a full-fledged SIEM and SOAR solution. It is made to enhance your security posture and entirely centered around enhancing security. Every feature that is built into Azure Sentinel is for enhancing security posture.

How has it helped my organization?

It has increased our security posture a lot because there are a lot of services natively integrated to Azure Sentinel from Microsoft, e.g., Microsoft Defender for Endpoint and Defender for Office 365. 

From an analyst's point of view, we have created a lot of automation. This has affected the productivity of analysts because we have automated a lot of tasks that we used to do manually. From an end user's perspective, they don't even notice most of the time because most of our end users are mostly non-technical. They don't feel the difference. It is all about the security and operations teams who have felt the difference after moving from LogRhythm to Azure Sentinel.

What is most valuable?

It is cloud-based, so there isn't an accessibility issue. You don't have to worry about dialing a VPN to access it. Azure does require that for an on-prem solution that the security part is entirely on Microsoft's and Azure's sign-in and login processes.

Because it is a cloud-based deployment, we don't need to worry about hardware infrastructure. That is taken care of by Microsoft.

Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it.

Its integration capabilities are great. We have integrated everything from on-prem to the cloud.

What needs improvement?

There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds.

There are a couple of delays with the service-to-service integration with Azure Sentinel as well as the tracking point.

For how long have I used the solution?

I have been using it for 14 to 15 months.

What do I think about the stability of the solution?

Azure Sentinel is pretty stable. Sometimes, the agents installed on endpoints go down for a bit. Also, we have faced a lot of issues with its correctors in particular. However, the platform is highly stable, and there have been no issues with that.

For operations, one to two people are actively using the solution. For analysis, there are eight to 10 people who are actively using it.

What do I think about the scalability of the solution?

Sentinel is scalable. If you want, you can hook up a lower balance security corrector. So, there are no issues with scalability.

We have coverage for around 60% to 70% of our environment. While this is not an ideal state, it has the capability to go to an ideal state, if needed.

How are customer service and support?

I have worked with Azure Sentinel for four clients. With only one of those clients, the support was great. For the last three clients, there were a lot of delays. For example, the issues that could have been resolved within one or two hours did not get resolved for a month or two. So, it depends on your support plan. It depends on the networking connections that you have with Microsoft. If you are on your own with a lower priority plan, it will take a lot of time to resolve minor issues. Therefore, Microsoft support is not that great. They are highly understaffed. I would rate them as six or seven out of 10.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We had a full-fledged SIEM, LogRhythm, already working, but we wanted to migrate towards something that was cloud-based and more inclusive of all technologies. So, we shifted to Azure Sentinel and migrated all our log sources onto Azure Sentinel. We also added a lot of log sources besides those that were reporting to LogRhythm.

We have used a lot of SIEMs. We have used Wazuh, QRadar, Rapid7's SIEM, EventLog Analyzer (ELA), and Splunk. We used Wazuh with ELK Stack, then we shifted to Azure Sentinel because of client requirements.

How was the initial setup?

The initial setup was really straightforward because I had already worked with FireEye Security Orchestrator, so the automation parts were not that difficult. There were a couple of things that got me confused, but it was pretty straightforward overall.

Initially, the deployment took seven and a half months.

What about the implementation team?

We used a lot of forums. We used Microsoft support and online help. We used a lot of things to get everything into one picture. There is plenty of help available online for any log sources that you want to move to Azure Sentinel.

What's my experience with pricing, setup cost, and licensing?

I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point.

Initially, you should create cost alerts in the cost management of Azure. With one of my clients, we deployed the solution. We estimated that the ingestion would be up to this particular mark, but that ingestion somehow got way beyond that. Within a month to a month and a half, they got charged 35,000 CAD, which was a huge turn off for us. So, at the very beginning, do your cost estimation, then apply a cost alert in the cost management of Azure. You will then get notified if anything goes out of bounds or unexpected happens. After that, start building your entire security operation center on Sentinel.

Which other solutions did I evaluate?

The SOAR capabilities of Azure Sentinel are great. FireEye Security Orchestrator looks like an infant in front of Azure Sentinel's SOAR capabilities, which is great.

What other advice do I have?

The solution is great. As far as the product itself is concerned, not the pricing, I would rate it as nine out of 10. Including pricing, I would rate the product as five to six out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Senior Infra Manager at a tech vendor with 10,001+ employees
Real User
Top 20
Great for PCI compliance but issues with stability and large amounts of data
Pros and Cons
  • "The most valuable feature is the predefined reports for PCI compliance."
  • "The correlation suite needs to be improved."

What is our primary use case?

I mainly use this solution to meet PCI compliance.

How has it helped my organization?

The automation of compliance reports and the correlation of the log have been major improvements. 

What is most valuable?

The most valuable feature is the predefined reports for PCI compliance.

What needs improvement?

The correlation suite needs to be improved. I also think they need to improve the product's handling of large amounts of data. In the next release, I would like to see real-time data correlation.

For how long have I used the solution?

I've been using NNT Log Tracker Enterprise for around three years.

What do I think about the stability of the solution?

There are some issues with the stability - the correlation engine has failed multiple times, and the reports sometimes take too long, so we have to involve the tech team to get them.

What do I think about the scalability of the solution?

This solution can scale vertically and horizontally, depending on the Windows server where it is deployed. I think this tool can be used for an endpoint of between 100-200 - however, if the count increases, it may create performance issues.

How are customer service and support?

NNT's technical support is sound, but the overall time for resolutions could be improved.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was straightforward and smooth, and deployment took no more than two weeks. I would rate the setup process as four out of five.

What about the implementation team?

Our implementation was done by a vendor team.

What was our ROI?

We have seen some ROI from this solution - I would rate the ROI as between three and four out of five.

What's my experience with pricing, setup cost, and licensing?

NNT's pricing is moderate - I would rate their pricing two-and-a-half out of ten. There are no additional costs, they include the entire package in a single license.

Which other solutions did I evaluate?

We evaluated ManageEngine Event Log and SolarWinds Log Tracker.

What other advice do I have?

I would recommend this solution to anyone looking to meet PCI requirements. I would give this solution a rating of seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Chief Information Security Officer (CISO) at a financial services firm with 51-200 employees
Real User
Top 20
Good correlation rules, competitive pricing, and good stability
Pros and Cons
  • "The correlation rules and the user platform are most valuable."
  • "They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."

What is our primary use case?

We use it for log and threat management and compliance.

What is most valuable?

The correlation rules and the user platform are most valuable.

What needs improvement?

They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information. 

They can also improve a lot of rules and vulnerability assessment. For vulnerability management, they can add more features. 

For how long have I used the solution?

I have been using this solution for three years. 

What do I think about the stability of the solution?

It is stable. You just log in, and there are no issues.

What do I think about the scalability of the solution?

I use it as software as a service. Scalability depends on whether I have included redundancy in the link or communication between my network and the third-party network.

How are customer service and technical support?

Their technical support is okay. I have contacted them for technical issues, and they have dealt with those issues very well.

How was the initial setup?

Its initial setup is of medium complexity. I would rate it a seven out of ten in terms of complexity.

What's my experience with pricing, setup cost, and licensing?

They have changed the pricing policy. Its price is competitive. Its price is less than half of the price of QRadar, LogRhythm, and Splunk.

Which other solutions did I evaluate?

We evaluated AlienVault and ManageEngine.

What other advice do I have?

I would recommend this solution depending on the size of the organization and whether you require software as a service or on-prem. I prefer ClearSkies for small organizations that require software as a service and have up to 500 employees. In Saudi Arabia, we consider organizations with up to 500 employees as small. Organizations with 500 to 1,000 employees are considered mid-sized. Organizations with more than 1,000 employees are considered large. This categorization would vary based on the region. ClearSkies is the best for software as a service and small organizations with up to 500 employees.

I would rate ClearSkies SaaS NG SIEM an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT System Developer/Admin at a manufacturing company with 10,001+ employees
Real User
A stable, scalable solution with comprehensive dashboards and helpful technical support
Pros and Cons
  • "The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
  • "An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."

What is our primary use case?

The primary use case of this solution is to monitor Cyber Mission databases.

I create the diagrams to create an architecture that is then implemented. However, creating these diagrams are for my own learnings since these implementations are usually already available in the cloud office logs.

What is most valuable?

The features I have found most valuable are the dashboards. 

I monitor the complete capacity that users are using in the company.

What needs improvement?

An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times.

They also need to update their documentation.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data.

How are customer service and technical support?

The customer service/technical support was helpful and they answered my questions as best they could.

How was the initial setup?

The setup was easy, but you have to have a VPN connection depending on the security protocols in place.

What about the implementation team?

The deployment was in-house and took about two days with the correct licenses and permissions.

What other advice do I have?

It is important to define different guidelines to integrate Splunk in development, QA, and production deployments. Additionally, define the applications that will be used and the configuration of the databases to collect the data. If this is not done, there will be a lot of issues due to, for example, master access or permissions to use the database collector and blocks.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Log Management
July 2022
Get our free report covering ManageEngine, Splunk, Fortinet, and other competitors of ManageEngine EventLog Analyzer. Updated: July 2022.
621,327 professionals have used our research since 2012.