Netsurion EventTracker [EOL] Questions

Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)

Hi Everyone,

What do you like most about Netsurion EventTracker?

Thanks for sharing your thoughts with the community!

it_user434868
Senior Director of Delivery at a tech services company with 51-200 employees

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

it_user434868
Senior Director of Delivery at a tech services company with 51-200 employees

Please share with the community what you think needs improvement with Netsurion EventTracker.

What are its weaknesses? What would you like to see changed in a future version?

it_user434868
Senior Director of Delivery at a tech services company with 51-200 employees

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

it_user434868
Senior Director of Delivery at a tech services company with 51-200 employees

If you were talking to someone whose organization is considering Netsurion EventTracker, what would you say?

How would you rate it and why? Any other tips or advice?

Mark Lauteren: The biggest lesson I have learned is that the outsourcing of this service has a…
11 Answers
Security Information and Event Management (SIEM) Questions
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Nov 17 2022
Hi community, I am a Service Delivery Manager at a medium-sized tech services company. I am researching PSIM (Physical Security Information Management). What are the main use cases and benefits of products that fall under this category? Thank you for your help.
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Aug 05 2022
Hi dear professionals, Can you share with the community 2-3 top pain points you've been experiencing during the Security Information and Event Management (SIEM) solution purchase? How have you been able to overcome them, if at all? Thanks for sharing your knowledge with other peers.
Johannes Kresse: 1. License models are not communicated transparently which makes planning…
Jairo Willian Pereira: Volume versus costs. Using an intermediate (free) tool to store, transform data…
2 Answers
Gloria Burt
President at TSG Networks
Nov 11 2022

Hi community,

GDPR compliance is demanding that we use automated event log monitoring on our 8-9 servers.

Which tool would you recommend using for this Windows environment? Why?

Thanks in advance for your help!

Doug-Smith: That would also depend on how much the budget will support and how granular you…
7 Answers
Bertrand
User
Hi everyone, I am looking for SIEM use cases and triggers. On this thread https://www.peerspot.com/questions/what-are-the-top-use-cases-to-implement-after-deploying-a-siem, @David Swift said he has written SANS papers. I have looked for them (in white papers and gold papers) and cannot find th...
David Swift: You may also want to consider the MITRE ATT&CK framework…
David Swift: Best Practice Papers Additional detail is available in several public papers…
5 Answers
reviewer1285209
Tech Lead at a tech services company with 1,001-5,000 employees
Hi all, I'm a Tech Lead at a Tech Services company with 1K+ employees. I've been looking at the following SIEM products: Elastic Enterprise Search, IBM QRadar, LogRhythm NextGen SIEM, McAfee ESM, Splunk, Splunk Cloud and Elastic Security. Which SIEM would you recommend for an enterprise as the ...
David Swift: It's best to start your search based on the use cases/problems you need to…
DEvi Katakam: Look at aiSIEM as well. It's very cost-effective and includes the following…
PrasanthPrasad: Hi, I would go with Elastic Enterprise Search. There are a few reasons why.…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi infosec professionals, What are the main architectural differences between those two technologies? What are the relations between the two of them? Are they complementary? What does an XDR solution provide that SIEM doesn't and vice versa? Thanks for sharing your knowledge with the community!
David Swift: SIEM focuses on correlation - detection, both known (and with UEBA), unknown/0…
Shibu Babuchandran: Hope the below will be helpful Key differences between…
Kevin Mabry: A SIEM is basically a solution/product that collects all security and syslog…
6 Answers
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services

Hi community,

What are your top 5 (or less) cyber security trends in 2022?

Thanks in advance!

Pablo Cousino: 1) Security in endpoints (especially because of remote work), especially to…
Bret Mantey: Look to the most recent Presidential order regarding security: Executive…
Jairo Willian Pereira: 1. [True!] Cloud Security hardening/assessment. 2. AI (for massive data…
10 Answers
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services

Hi community, 

In your opinion, which is the best SaaS-based SIEM tool and why?

Thanks

Aji Joseph: The selection of a SIEM solution depends on a lot of parameters like the size of…
Avraham Sonenthal: Well I have been looking at Webinars and whitepapers and such for Palo Alto…
Jairo Willian Pereira: ELK. Why? Price, easiness, vendor-neutral and customization.
4 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi SOC analysts and other infosec professionals,

Which standard/custom method do you use to decide about the alert severity in your SOC? 

Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?

Robert Cheruiyot: Hi @Evgeny Belenky, I think as long as you do this thing manually, you will…
Luis Apodaca: I think first of all you need to establish what resources you want to handle in…
reviewer1331706: It depends on the information in your current alerts. E.g. if the alert has the…
6 Answers
Giusel
IT Engineer at UTMStack
Oct 03 2022
Hi, community! Usually, when professionals administer the network, they use an Active Directory tool and a cybersecurity solution (e.g., EPP, anti-virus, or SIEM) separately. Are you aware of SIEM platforms that integrate these tools?
Avraham Sonenthal: I agree with the users who mentioned Splunk. Splunk is a log message management…
Norman Freitag: Hi @Giusel, I agree with Shibu Splunk it's probably the best fit (or single…
Robert Cheruiyot: Hi @Giusel, With the rise in insider threats, the idea of UEBA is becoming a…
7 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi infosec professionals,

Which deployment model should an enterprise organization choose and in which case?

Thank you!

reviewer1331706: There are many variations for a Security Operations Centre, depending on the…
Jairo Willian Pereira: I'm not sure about the answer, but I'll try... Insourcing or outsourcing,…
Shibu Babuchandran: We can have multiple SOC models depending on the requirement and budget…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Sep 15 2022

Hi,

When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?

Shibu Babuchandran: Hello, Below there are views on the pros and cons of Internal SOC and…
Manuel Gellida: Evgeny I think, SOC on-premise means a huge investment (=monthly payment)…
Ljubomir Djuric: This is a truly good and difficult question. If we could have MSSP that is…
13 Answers
Giusel
IT Engineer at UTMStack

Hi community,

I'm working on a document about the Security Operation Center best practices, and I would like to get your inputs about it.

Thanks

Robert Cheruiyot: Hi Giusel, From my little experience, it's always good to have a good working…
Shibu Babuchandran: Hi @Giusel, Some of the best practices that I feel are as below. 1. The SOC…
Steffen Hornung: Sadly, I can't contribute due to lack of experience in that field. But I would…
4 Answers
Bravo Zilenn
User at Insight Alpha

Hi,

Have you tried Google Chronicle? What's your opinion about it?

Thanks,

Chiheb Chebbi
Defender with 501-1,000 employees

Hi community, 

What are your methods to automate Azure Sentinel content deployment? 

Are you adopting a Detection-As-Code approach? What main challenges have you faced? 

Thank you in advance!

Shibu Babuchandran: Hi @Chiheb Chebbi, Please find some of the automated deployment for Azure…
2 Answers
Ertugrul Akbas
Manager at ANET
Hot data is necessary for live security monitoring. Archive data (cold data) is not available quickly. It takes days to make archive data live if the archive data time frame is more than 30 days (in most of the SIEM solutions). As an example, SolarWinds said the attackers first compromised its...
reviewer1469436: We changed our model to be able to cover such critical long-term cases. We…
1 Answer
Chiheb Chebbi
Defender with 501-1,000 employees

Hi community, 

What is the best way to deploy agents/sensors (such as a SIEM agent) in large-scale Windows environments? 

Any hands-on tips or recommendations?

Thank you. 

David Swift: Most SIEMs shouldn't require agents. You can generally configure Windows Event…
Jairo Willian Pereira: Some products permit generating a native .MSI package. Sometimes, you can use…
2 Answers
Chiheb Chebbi
Defender with 501-1,000 employees

Hi community, 

When one writes detection rules for SIEM solutions, what are the criteria of a good detection rule? 

Can you share any examples?

Thanks.

Shibu Babuchandran: @Chiheb Chebbi, I hope the below test cases are helpful. Test 1 - Recon:…
3 Answers
Chiheb Chebbi
Defender with 501-1,000 employees
Sep 15 2022

Hi community,

Once a SIEM is deployed successfully, what are the top use cases you'd recommend to implement for the Microsoft environment? 

Thank you in advance!

Shibu Babuchandran: Some of the use cases that are important and a good start would be: -…
Shibu Babuchandran: Some of the Top use cases for SIEM: 1. Authentication activities Security…
David Swift: There are 26 base use cases every SIEM should run that find Indicators of…
8 Answers
Felicia Jonelle
User

Hi community,

Which SIEM for small/medium-sized companies do you consider the most economical?

Splunk, Security Onion, UTMStack, other? What do you like about it vs other ones?

Shibu Babuchandran: Personally, the way I have analyzed is depending on the requirement of the…
Jairo Willian Pereira: ELK, graylog, OSSIM and Apache Metron (or another Hadoop-like open…
3 Answers
Navin Rehnius
Security Engineer at a tech services company with 201-500 employees

Hello,

Is Rapid7 InsightIDR an efficient solution (to be used in SOC as an analysis tool) in comparison with other SIEM products, such as IBM QRadar, Splunk, and LogRhythm NextGen SIEM?

John Rendy: No, Navin, The use of SIEM products will focus a lot broader on managing all…
John Stanford: Yes, Rapid7 is a great tool for a SOC to use for analysis of Security Events, as…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi community members,

Let's discuss what are the main differences between UEBA (User and Entity Behavior Analytics) and SIEM (Security Information and Event Management) solutions.

David Swift: SIEM vs UEBA 1. SIEM is designed to store events for extended periods…
Tjeerd Saijoen: Many SIEM solutions like QRadar are using UEBA in a SIEM solution. User and…
Navin Rehnius: SIEM is the platform where we can see all of the security events. Here we can…
4 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Aug 23 2022
Hi community members, We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting? Please share your opinions on how these trends are going to influence the future of the relevant tools and solutions used in SOC. Thanks!
John Rendy: Evgeny, My personal experience tells me that SOC will be driven by…
Johannes Kresse: - Decentralization: SOC Analysts do not sit in one room, not even work for one…
4 Answers
William Milton
User at VAE-MARMARA8

Hi peers,

I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.

Can anyone help with the insights?

reviewer1532622
Electronics Engineering Lab Technician (R&D) at an engineering company with 11-50 employees
I have slowly switched our entire network over to Fortinet products over the past few years and been pleased with the products overall. I would like to utilize FortiSIEM for more robust monitoring and response, but the cost is extremely prohibitive for my company (<25 employees). Suggestions?
Rony_Sklar
PeerSpot (formerly IT Central Station)
There are many cybersecurity tools available, but some aren't doing the job that they should be doing. What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
Dan Doggendorf: The biggest threat is risks you think you have managed are not managed at all so…
Javier Medina: You should build a lab, try the tools and analyze the traffic and behavior with…
12 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)
How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution? Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log...
Lindsay Mieth: Rony, Daniel's answer is right on the money. There are many solutions for each…
Daniel Sichel: Log Management is just that, it looks at logs from devices and attempts to make…
David Rivas Huete: In short, Log Management refers to the collection, storage, and organizing of…
6 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Do you have recommendations for the best SIEM tool to invest in for a large financial services provider? What particular features of your recommended tool make it the best choice?

Abhishek RVRK Sharma: Hello, First off, look for a SIEM that offers customized content for financial…
Daniel Sichel: I would take a long hard look at IBM QRadar. The user behavior analytics will…
2 Answers
Dan Feraru
Owner at Infodava

Hi community,

I'm the owner of a tech services company. 

I'm looking for help with a template for a SIEM PoC (high-level, generic document). Can anyone help? 

Thank you, 

Dan

Abhishek RVRK Sharma: Hello Dan, Most SIEM vendors have a PoC script that they will run you…
2 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)
Hello community, What are the differences between how NDR and SIEM work? What are the pros and cons of each? Is it necessary to have both types of tools?
DK Shrivastava: NDR is just analysis of network behaviour and forms a part of SIEM strategy. It…
Jairo Willian Pereira: SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPs etc.)…
Lindsay Mieth: Your SIEM should receive and process traffic generated by your NDR as well as…
7 Answers
Sanguan Treejareonwiwat
President at Chunbok Company Limited

Can anyone advise on which SIEM will work best with Palo Alto Cortex XDR?

Thanks!

Jairo Willian Pereira: I think most of them understand "de-facto standards" very well (including Palo…
Michael Dean: I would advise not using LogRhythm. They do not have a log parser for the…
reviewer1406157: Palo Alto Networks and IBM have partnered to deliver logging extensions for…
6 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

What features should companies look out for when selecting an event monitoring tool?

Mathieu TESSON: Agentless or not? What kind of notifications (mail, SNMP, script...)? Existing…
reviewer1275930: What are the monitoring software capabilities for discovery? Is it agentless…
2 Answers
Malola Varadhan
User at First Abu Dhabi Bank P.j.s.c

I work at a mid-sized enterprise bank. I am researching SIEM solutions. Which is the best tool for security information and event management: Arcsight or Securonix?

Abhishek RVRK Sharma: That is kind of like asking - I want a car, what would you recommend? Your…
Consulta85d2: Neither, or both. Having done literally thousands of SIEM deployments, I can…
Himanshu Shah: Arcsight is a legacy SIEM, a robust log management tool; however, it works on EPS (…
11 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)
SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security? If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commo...
Ashraf Abbas: SIEM involves collection, correlation and aggregation of security logs and…
Hasan Zuberi (HZ): It's not easy to understand the key differences when looking at SOAR vs. SIEM…
Denis L: TLDR: SIEM: Security information management: Long-term storage as well as…
8 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Are event correlation and aggregation both needed for effective event monitoring and SIEM? 

David Collier: Both are techniques aimed at reducing the number of active alerts an operator…
Ertugrul Akbas: They are not the same. For event monitoring (log management) aggregation is enough…
Willa Ou: Yes, both of them are needed. Since their concepts have been well discussed…
18 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)
Is AWS Cloudwatch enough on its own, or is it a good idea to use a SIEM platform in conjunction with it?
Consulta85d2: CloudWatch is great, but it's not enough on its own. CloudWatch provides some…
2 Answers
Dr. Thulaganyo Rabogadi
Director, Technical at a government with 201-500 employees

I am the technical director of a science and technology division for the government. 

Which SIEM solution would deliver the best ability to identify, protect, detect, respond and recover from a cyber attack?

Thanks! I appreciate your help. 

Gabriel Crespo: I think you are missing the point here. Many SIEM solutions will give you…
Gregg Woodcock: I am admittedly biased but there are very good reasons that Splunk is the leader…
AdrianMache: Depending on your goals in designing and implementing this resource, whatever…
21 Answers
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Hi dear community members, There are a lot of SIEM solutions. SIEMs are not something you just install and wait for great things to happen, right? What questions should someone ask before purchasing a SIEM? Help your peers ask the right questions so that they'll make the best decision. Thanks
it_user1057374: Some areas and questions for evaluating a SIEM solution. These are some common…
Rainier Varilla: Discovery questions you should ask any SIEM vendor: -Would you like more…
Simo Sim: That is correct, you don't just install it and that is it. There is quite some…
15 Answers
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
SIEM is one of the fastest trending topics on IT Central Station. Why do companies need to purchase SIEM? Is it due to compliance reporting, system monitoring, intrusion detection, or something else? Why is it so important? Thanks for helping your peers cut through vendor hype and make the r...
Sofiane Medhkour: SIEM provides real-time analysis of security alerts generated by applications…
reviewer916710: SIEM is needed for compliance reporting, system monitoring, intrusion detection…
Jacob Hinkle: A SIEM is a tool which sorts logs and alerts on security-related events…
17 Answers
it_user840669
Computer & Network Systems Administrator at an aerospace/defense firm with 1,001-5,000 employees
My organization has one last piece to the puzzle in our completion for NIST 800-171 compliance. I know nothing about Network Security and Event Management. I have a team of two Systems and Network Admins that already spend a lot of time ensuring the organization is running smooth, dealing with an...
it_user587232: There are many good SIEM products on the market today. Our company evaluated…
Farhan Tariq: Chris, you need to understand three areas where you will be required to work to…
Andre B.: The best paid-for system is Splunk. However it will get very expensive for…
39 Answers
it_user718647
User with 10,001+ employees

I do not have a business email address. How can I download PDFs?

it_user710541
Student

Is there any comparison criteria on Tableau depicting SIEM vendors weaknesses and strengths?

it_user708033
Senior Consultant-Information Security at a tech services company with 51-200 employees

I would like to know the evaluation parameters and reviews for SIEM-Alien Vault and LogRhythm to implement in a banking environment in the Gulf region.

Shaikh Jamal Uddin: IBM QRadar is the best option because they are using UBA for the quick detection…
14 Answers
it_user669684
Security Analyst at a tech vendor with 51-200 employees
We're looking for real-life experience on behalf of a client in integrating QRadar data into Splunk ES, or Splunk/Splunk ES into QRadar or both into a 3rd option for PA/SA. This client has one of the largest and most complex networks among the federal agencies, currently is using both products in...
it_user647754
User at a consultancy with 5,001-10,000 employees

I am looking for features comparison between AlienVault, SolarWinds LEM, HPE Arcsight, and any other similar enterprise grade products. Can you share a feature comparison document?

it_user579435
FO Engineer at a comms service provider with 501-1,000 employees
Hi everyone, I would like to export Nessus Scanner reports into ArcSight ESM Console but I do not have any idea how to do this. Can anyone help me, please? Sam
it_user302034
Senior Information Assurance Specialist at a tech services company with 51-200 employees

I would like to understand the basic difference between Nessus and Arcsight. Thanks.

it_user178008
Developer at a tech vendor with 1,001-5,000 employees

I'm comparing RSA Envision to some of its competitor SIEM products. Can you help me with a comparison matrix?

Thanks. 

Santhakumar

Ariel Lindenfeld
Sr. Director of Community
PeerSpot
One of our community members wrote that what's important is "compatibility with diverse sources, including the ability to adapt to unknown ones, performance, and the ability to do multi-level correlation." What do you think? See other excellent answers below. Let the community know what you t...
Michael SCHLEICH: Based on my experience with SIEM, 7 years I worked with ArcSight on a daily…
it_user331212: Real-time threat analysing and reporting capabilities
it_user324942: Ability to quickly extract information when required (forensic). The ease at…
36 Answers
it_user153546
User with 5,001-10,000 employees
Looking at SolarWinds LEM as a SIEM tool. Several of my managers are questioning the scalability for a global deployment. I am having difficulty providing adequate information as to its distributed architecture and the ability to access the raw (and/or) normalized data directly so that I can ex...
Byron Anderson: If you are looking at scaling LEM for a global deployment it's really going to…
2 Answers
Avigail Sugarman
Community Manager at PeerSpot (formerly IT Central Station)

Can you name a few based on the Solutions you have used?

Gabor Mayer: - Organisation of the company - Leadership commitment - Enough money to get…
8 Answers
Avigail Sugarman
Community Manager at PeerSpot (formerly IT Central Station)
The Wall Street Journal this week reported on new additions to the Splunk App to enable easier, faster threat detection and containment by empowering users to assign risk scores to any data. The app also includes new features to help users connect and visualize data on the fly and introduces guid...
Avigail Sugarman
Community Manager at PeerSpot (formerly IT Central Station)

What are your experiences with these vendors/solutions? Pros and Cons?

it_user235365: Hello, As someone who worked with Splunk, Arcsight and Qradar. I am sorry but…
6 Answers
it_user108681
Security Solution Architect with 501-1,000 employees
Has anyone got experience in deployment of a SIEM solution using either McAfee Nitro or IBM Qradar or AlienVault USM? I am looking to understand the pitfalls associated. I find that the vendor documentation is often short on specifics in relation to the overall components needed and am concerned ...
it_user214419: Hello. If you need any assistance through sizing and deployment of IBM QRadar…
A.J. DiLorenzo: I've implemented AccelOps SIEM which also does Server/Network Performance and…
it_user280122: The basic things like adding log sources is hopefully not a problem but I think…
9 Answers