
Splunk Questions

Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services

Hi dear professionals,

How would you compare Securonix and Splunk as a SIEM enterprise solution?

Manoj Gautam: I believe when we built a solution for any customer SOC environment, we need to…
1 Answer
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)

Which is better and why?

Shibu Babuchandran: Hi @Netanya Carmi, Below are some comparisons on features and Integrations.…
2 Answers
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)

Why?

David Swift: It would really depend on (1) which logs you need to ingest and (2) what are…
1 Answer
Navin Rehnius
Security Engineer at a tech services company with 201-500 employees

Hi community members,

I'm a security engineer at a Tech Services company and I'm currently exploring SOC solutions, such as Rapid7 InsightIDR, Splunk, IBM QRadar and ArcSight Analytics.

Based on your experience, which SOC tool/solution would you recommend and why?

Kumar Mahadevan: I haven't used these big-name ones like Splunk etc. but I feel they're…
Jack Callaghan: For tools I'd recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing…
Jairo Willian Pereira: Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for…
12 Answers
Vivek Vijayan
DevOps Engineer at a tech company with 10,001+ employees

Hi Experts, I'm a DevOps Engineer for a Tech Services company with 10,000+ employees. I'm comparing ELK and Splunk. We're looking to use one solution to process logs for our IBM CLM application and for application server log analysis. Which of these two solutions would you recommend and why? A...

reviewer1182204: Generally Elastic is very strong in data search, and Splunk has a strong security…
Dirk Becker: First of all, we need to understand what those two softwares are; Splunk is a…
Norman Freitag: We use ELK or other freeware stacks in isolated small scenarios. Think of a…
4 Answers
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)

Hi community, One of the most popular comparisons on IT Central Station is Dynatrace vs Splunk. People like you are trying to decide which one is best for their company. Can you help them out? What is the biggest difference between Dynatrace and Splunk? Which of these two solutions would you ...

Bernd Harzog: The two things are entirely different. Splunk is primarily a log collection,…
informat792312: Splunk and Dynatrace are two different solutions. Most organizations use both of…
Stacy Ness: It really depends on the use case. Dynatrace can actually enrich the data…
7 Answers
Nurit Sherman
Content Specialist
PeerSpot (formerly IT Central Station)

One of the most popular comparisons on IT Central Station is SolarWinds LEM vs Splunk. One user says about SolarWinds LEM, "It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splu...

Johney Shade: Comparing SolarWinds to Splunk is unwise. One responds to active monitoring…
Chingiz Abdukarimov: I would prefer SolarWinds LEM for environments with high log volumes (e.g…
MS Alam: SolarWinds is good for network monitoring but analyzing for critical logs Splunk…
18 Answers
Nurit Sherman
Content Specialist
PeerSpot (formerly IT Central Station)

One of the most popular comparisons on PeerSpot (formerly IT Central Station) is IBM QRadar vs Splunk. People like you are trying to decide which one is best for their company. Can you help them out? Which of these two solutions would you recommend for Log Management? Why? Thanks for helping...

it_user478128: As all consultants say...it depends. The elements I would factor in are: 1)…
it_user716313: It depends on the intended purpose of the tool and the type of people…
Eduardo Perez: I had been looking at the Security Analytics Platforms from the top right…
45 Answers
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)

Hi Everyone,

What do you like most about Splunk?

Thanks for sharing your thoughts with the community!

Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)

Hi Everyone,

What advice do you have for others considering Splunk?

Thanks for sharing your thoughts with the community!

Engineercb47: Make sure it fits your use case. Be clear about what you want to achieve, get…
Tomi Juslin: Splunk's website is quite useful. You can find a lot of information on it. I…
Gavan McLaughlin: It works well when searching logs. If you looked to try to do things beyond…
79 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)

Hi Everyone,

What is your primary use case for Splunk?

Thanks for sharing your thoughts with the community!

Gregg Woodcock: #1 is InfoSec #2 is BI #3 is IoT
Jairo Willian Pereira: Business indicators (KPIs) for specific (and limited) purpose together IT area…
98 Answers
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)

Hi Everyone,

What needs improvement with Splunk?

Thanks for sharing your thoughts with the community!

Shaveta Datta: I would like to see them develop integration with the help of a rack rest API…
it_user762567: The tool itself is very difficult to configure. It's great for its number of…
Mui Tran: If possible, we would like to have not only a log monitoring system but a…
102 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Jun 02 2022

Hi Everyone,

What is your experience regarding pricing and costs for Splunk?

Thanks for sharing your thoughts with the community!

Jairo Willian Pereira: Cost versus volume in the medium/long term are heavy. It is a great tool but you…
55 Answers
it_user438393
IT Manager at a healthcare company with 1,001-5,000 employees

Folks, What are your experiences in using Splunk as an Enterprise Class monitoring solution in either the infrastructure or application performance monitoring spaces? How might it compare to a matured (or even not matured) instance of CA's suite inclusive of APM/Wily, CEM, ADA, and UIM? Lo...

it_user536142: Hi, Well I will summarize my answer in the simplest possible way. It all…
it_user708444: Totally agree. Splunk is mainly an IT Ops Analytics solution (log management…
10 Answers
it_user544149
User at a tech services company with 10,001+ employees

From a few reviews I saw that Elastic Stack, which is an open source stack solution, is gaining popularity. Splunk has been in the market for quite some time but is a commercial product. Is it possible to replace Splunk with Elastic Stack? If so, what are all the benefits we may ...
it_user326337
Customer Success Manager at PeerSpot

Recently, our user activity has shown that Splunk is the most commonly searched solution on our site. 3,643 of our community members follow Splunk, and it's listed in five of our product categories: Log Management, Data Visualization, IT Operations Analytics, and Security Information and Event ...

Randall Hinds: I agree with Aaron & Tom on their points. Along their use cases, I have been…
it_user113184: Good log management solution you can use if you know what you are looking for…
it_user380727: The flexibility that it offers. One of the most powerful features of Splunk is…
8 Answers
Avigail Sugarman
Community Manager at PeerSpot (formerly IT Central Station)

The Wall Street Journal this week reported on new additions to the Splunk App to enable easier, faster threat detection and containment by empowering users to assign risk scores to any data. The app also includes new features to help users connect and visualize data on the fly and introduces guid...
Avigail Sugarman
Community Manager at PeerSpot (formerly IT Central Station)

What are your experiences with these vendors/solutions? Pros and Cons?

it_user235365: Hello, As someone who worked with Splunk, Arcsight and Qradar. I am sorry but…
6 Answers
Security Information and Event Management (SIEM) Questions
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Sep 11 2022

Hi community, I am a Service Delivery Manager at a medium-sized tech services company. I am researching PSIM (Physical Security Information Management). What are the main use cases and benefits of products that fall under this category? Thank you for your help.
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Aug 05 2022

Hi dear professionals, Can you share with the community 2-3 top pain points you've been experiencing during the Security Information and Event Management (SIEM) solution purchase? How have you been able to overcome them, if at all? Thanks for sharing your knowledge with other peers.

Johannes Kresse: 1. License models are not communicated transparently which makes planning…
Jairo Willian Pereira: Volume versus costs. Using an intermediate (free) tool to store, transform data…
2 Answers
Gloria Burt
President at TSG Networks
Aug 01 2022

Hi community,

The GDPR compliance is demanding that we use automated event log monitoring on our 8-9 servers.

Which tool would you recommend using for this Windows environment? Why?

Thanks in advance for your help!

Doug-Smith: That would also depend on how much the budget will support and how granular you…
6 Answers
Bertrand
User

Hi everyone, I am looking for SIEM use cases and triggers. On this thread https://www.peerspot.com/questions/what-are-the-top-use-cases-to-implement-after-deploying-a-siem, @David Swift said he has written SANS papers. I have looked for them (in white papers and gold papers) and cannot find th...

David Swift: You may also want to consider the MITRE ATT&CK framework…
David Swift: Best Practice Papers Additional detail is available in several public papers…
5 Answers
reviewer1285209
Tech Lead at a tech services company with 1,001-5,000 employees
May 05 2022

Hi all, I'm a Tech Lead at a Tech Services company with 1K+ employees. I've been looking at the following SIEM products: Elastic Enterprise Search, IBM QRadar, LogRhythm NextGen SIEM, McAfee ESM, Splunk, Splunk Cloud and Elastic Security. Which SIEM would you recommend for an enterprise as the ...

David Swift: It's best to start your search based on the use cases/problems you need to…
DEvi Katakam: Look at aiSIEM as well. It's very cost-effective and includes the following…
PrasanthPrasad: Hi, I would go with Elastic Enterprise Search. There are a few reasons why.…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi infosec professionals, What are the main architectural differences between those two technologies? What are the relations between the two of them? Are they complementary? What does an XDR solution provide that SIEM doesn't and vice versa? Thanks for sharing your knowledge with the community!

David Swift: SIEM focuses on correlation - detection, both known (and with UEBA), unknown/0…
Shibu Babuchandran: Hope the below will be helpful Key differences between…
Kevin Mabry: A SIEM is basically a solution/product that collects all security and syslog…
6 Answers
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services
May 19 2022

Hi community,

What are your top 5 (or less) cyber security trends in 2022?

Thanks in advance!

Pablo Cousino: 1) Security in endpoints (especially because of remote work), especially to…
Bret Mantey: Look to the most recent Presidential order regarding security: Executive…
Jairo Willian Pereira: 1. [True!] Cloud Security hardening/assessment. 2. AI (for massive data…
10 Answers
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services

Hi community,

In your opinion, which is the best SaaS-based SIEM tool and why?

Thanks

Aji Joseph: The selection of a SIEM solution depends on a lot of parameters like the size of…
Avraham Sonenthal: Well I have been looking at Webinars and whitepapers and such for Palo Alto…
Jairo Willian Pereira: ELK. Why? Price, easiness, vendor-neutral and customization.
4 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi SOC analysts and other infosec professionals,

Which standard/custom method do you use to decide about the alert severity in your SOC?

Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?

Robert Cheruiyot: Hi @Evgeny Belenky, I think as long as you do this thing manually, you will…
Luis Apodaca: I think first of all you need to establish what resources you want to handle in…
reviewer1331706: It depends on the information in your current alerts. E.g if the alert has the…
6 Answers
Giusel
IT Engineer at UTMStack

Hi, community! Usually, when professionals administer the network, they use an Active Directory tool and a cybersecurity solution (e.g., EPP, anti-virus, or SIEM) separately. Are you aware of SIEM platforms that integrate these tools?

Avraham Sonenthal: I agree with the users who mentioned Splunk. Splunk is a log message management…
Norman Freitag: Hi @Giusel, I agree with Shibu Splunk it's probably the best fit (or single…
Robert Cheruiyot: Hi @Giusel, With the rise in insider threats, the idea of UEBA is becoming a…
6 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi infosec professionals,

Which deployment model should an enterprise organization choose and in which case?

Thank you!

reviewer1331706: There are many variations for a Security Operations Centre, depending on the…
Jairo Willian Pereira: I'm not sure about the answer, but I'll try... Insourcing or outsourcing,…
Shibu Babuchandran: We can have multiple SOC models depending on the requirement and budget…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Sep 15 2022

Hi,

When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?

Shibu Babuchandran: Hello, Below there are views on the pros and cons of Internal SOC and…
Manuel Gellida: Evgeny I think, SOC on-premise means a huge investment (=monthly payment)…
Ljubomir Djuric: This is a truly good and difficult question. If we could have MSSP that is…
13 Answers
Giusel
IT Engineer at UTMStack

Hi community,

I'm working on a document about the Security Operation Center best practices, and I would like to get your inputs about it.

Thanks

Robert Cheruiyot: Hi Giusel, From my little experience, it's always good to have a good working…
Shibu Babuchandran: Hi @Giusel, Some of the best practices that I feel is as below. 1. The SOC…
Steffen Hornung: Sadly, I can't contribute due to lack of experience in that field. But I would…
4 Answers
Bravo Zilenn
User at Insight Alpha

Hi,

Have you tried Google Chronicle? What's your opinion about it?

Thanks,

Chiheb Chebbi
Defender with 501-1,000 employees

Hi community,

What are your methods to automate Azure Sentinel content deployment?

Are you adopting a Detection-As-Code approach? What main challenges have you faced?

Thank you in advance!

Shibu Babuchandran: Hi @Chiheb Chebbi, Please find some of the automate deployment for Azure…
2 Answers
Ertugrul Akbas
Manager at ANET

Hot data is necessary for live security monitoring. Archive data (cold data) is not available fastly. It takes days to make archive data live if the archive data time frame is more than 30 days (in most of the SIEM solutions). As an example, SolarWinds said the attackers first compromised its...

reviewer1469436: We changed our model to be able to cover such critical long-term cases. We…
1 Answer
Chiheb Chebbi
Defender with 501-1,000 employees

Hi community,

What is the best way to deploy agents/sensors (such as a SIEM agent) in large-scale Windows environments?

Any hands-on tips or recommendations?

Thank you.

David Swift: Most SIEMs shouldn't require agents. You can generally configure Windows Event…
Jairo Willian Pereira: Some products permit generating a native .MSI package. Sometimes, you can use…
2 Answers
Chiheb Chebbi
Defender with 501-1,000 employees

Hi community,

When one writes detection rules for SIEM solutions, what are the criteria of a good detection rule?

Can you share any examples?

Thanks.

Shibu Babuchandran: @Chiheb Chebbi, I hope the below test cases are helpful. Test 1 - Recon:…
3 Answers
Chiheb Chebbi
Defender with 501-1,000 employees
Sep 15 2022

Hi community,

Once a SIEM is deployed successfully, what are the top use cases you'd recommend to implement for the Microsoft environment?

Thank you in advance!

Shibu Babuchandran: Some of the use cases that are important and a good start would be: -…
Shibu Babuchandran: Some of the Top use cases for SIEM: 1. Authentication activities Security…
David Swift: There are 26 base use cases every SIEM should run that find Indicators of…
8 Answers
Felicia Jonelle
User

Hi community,

Which SIEM for small/medium-sized companies do you consider the most economical?

Splunk, Security Onion, UTMStack, other? What do you like about it vs other ones?

Shibu Babuchandran: Personally, the way I have analyzed is depending on the requirement of the…
Jairo Willian Pereira: ELK, graylog, OSSIM and Apache Metron (or another Hadoop-like open…
3 Answers
Navin Rehnius
Security Engineer at a tech services company with 201-500 employees

Hello,

Is Rapid7 InsightIDR an efficient solution (to be used in SOC as an analysis tool) in comparison with other SIEM products, such as IBM QRadar, Splunk, and LogRhythm NextGen SIEM?

John Rendy: No, Navin, The use of SIEM products will focus a lot broader on managing all…
John Stanford: Yes, Rapid7 is a great tool for a SOC to use for analysis of Security Events, as…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)

Hi community members,

Let's discuss what are the main differences between UEBA (User and Entity Behavior Analytics) and SIEM (Security Information and Event Management) solutions.

David Swift: SIEM vs UEBA 1. SIEM is designed to store events for extended periods…
Tjeerd Saijoen: Many SIEM solutions like QRadar are using UEBA in a SIEM solution. User and…
Navin Rehnius: SIEM is the platform where we can see all of the security events. Here we can…
4 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Aug 23 2022

Hi community members, We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting? Please share your opinions on how these trends are going to influence the future of the relevant tools and solutions used in SOC. Thanks!

John Rendy: Evgeny, My personal experience tells me that SOC will be driven by…
Johannes Kresse: - Decentralization: SOC Analysts do not sit in one room, not even work for one…
4 Answers
William Milton
User at VAE-MARMARA8

Hi peers,

I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.

Can anyone help with the insights?

reviewer1532622
Electronics Engineering Lab Technician (R&D) at an engineering company with 11-50 employees

I have slowly switched our entire network over to Fortinet products over the past few years and been pleased with the products overall. I would like to utilize FortiSIEM for more robust monitoring and response, but the cost is extremely prohibitive for my company (<25 employees). Suggestions?
Rony_Sklar
PeerSpot (formerly IT Central Station)

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
Dan Doggendorf: The biggest threat is risks you think you have managed are not managed at all so…
Javier Medina: You should build a lab, try the tools and analyze the traffic and behavior with…
12 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution? Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log...

Lindsay Mieth: Rony, Daniel's answer is right on the money. There are many solutions for each…
Daniel Sichel: Log Management is just that, it looks at logs from devices and attempts to make…
David Rivas Huete: In short, Log Management refers to the collection, storage, and organizing of…
6 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Do you have recommendations for the best SIEM tool to invest in for a large financial services provider? What particular features of your recommended tool make it the best choice?

Abhishek RVRK Sharma: Hello, First off, look for a SIEM that offers customized content for financial…
Daniel Sichel: I would take a long hard look at IBM QRadar. The user behavior analytics will…
2 Answers
Dan Feraru
Owner at Infodava

Hi community,

I'm the owner of a tech services company.

I'm looking for help with a template for a SIEM PoC (high-level, generic document). Can anyone help?

Thank you,

Dan

Abhishek RVRK Sharma: Hello Dan, Most SIEM vendors have a PoC script that they will run you…
2 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Hello community, What are the differences between how NDR and SIEM work? What are the pros and cons of each? Is it necessary to have both types of tools?

DK Shrivastava: NDR is just analysis of network behaviour and forms a part of SIEM strategy. It…
Jairo Willian Pereira: SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPs etc.)…
Lindsay Mieth: Your SIEM should receive and process traffic generated by your NDR as well as…
7 Answers
Sanguan Treejareonwiwat
President at Chunbok Company Limited

Can anyone advise on which SIEM will work best with Palo Alto Cortex XDR?

Thanks!

Jairo Willian Pereira: I think most of them understand "de-facto standards" very well (including Palo…
Michael Dean: I would advise not using LogRhythm. They do not have a log parser for the…
reviewer1406157: Palo Alto Networks and IBM have partnered to deliver logging extensions for…
6 Answers
Menachem D Pritzker
Director of Growth
PeerSpot (formerly IT Central Station)

Buying a SIEM solution, especially for a large enterprise, is a massive decision. How long does your organization spend on making this decision? How long does it then take to implement? What are your considerations before pulling the trigger on a particular solution? What's your shortlist proc...

KevinGraham: How long does your organization spend on making this decision? How long does it…
1 Answer
Rony_Sklar
PeerSpot (formerly IT Central Station)

What features should companies look out for when selecting an event monitoring tool?

Mathieu TESSON: Agentless or not? What kind of notifications (mail, SNMP, script...)? Existing…
reviewer1275930: What are the monitoring software capabilities for discovery? Is it agentless…
2 Answers
Malola Varadhan
User at First Abu Dhabi Bank P.j.s.c

I work at a mid-sized enterprise bank. I am researching SIEM solutions. Which is the best tool for security information and event management: Arcsight or Securonix?

Abhishek RVRK Sharma: That is kind of like asking - I want a car, what would you recommend? Your…
Consulta85d2: Neither, or both. Having done literally thousands of SIEM deployments, I can…
Himanshu Shah: Arcsight is a legacy SIEM, a robust log management tool, however works on EPS (…
11 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security? If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commo...

Ashraf Abbas: SIEM involves the collection, correlation and aggregation of security logs and…
Hasan Zuberi ( HZ ): It's not easy to understand the key differences when looking at SOAR vs. SIEM…
Denis L: TLDR: SIEM: Security information management: Long-term storage as well as…
8 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Are event correlation and aggregation both needed for effective event monitoring and SIEM?

David Collier: Both are techniques aimed at reducing the number of active alerts an operator…
Ertugrul Akbas: They are not the same. For event monitoring (log management) aggregation is enough…
Willa Ou: Yes, both of them are needed. Since their concepts have been well discussed…
18 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)

Is AWS CloudWatch enough on its own, or is it a good idea to use a SIEM platform in conjunction with it?

Consulta85d2: CloudWatch is great, but it's not enough on its own. CloudWatch provides some…
2 Answers
Dr. Thulaganyo Rabogadi
Director, Technical at a government with 201-500 employees

I am the technical director of a science and technology division for the government.

Which SIEM solution would deliver the best ability to identify, protect, detect, respond and recover from a cyber attack?

Thanks! I appreciate your help.

Gabriel Crespo: I think you are missing the point here. Many SIEM solutions will give you…
Gregg Woodcock: I am admittedly biased but there are very good reasons that Splunk is the leader…
AdrianMache: Depending on your goals in designing and implementing this resource, whatever…
21 Answers
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
Hi dear community members, There are a lot of SIEM solutions. SIEMs are not something you just install and wait for great things to happen, right? What questions should someone ask before purchasing a SIEM? Help your peers ask the right questions so that they'll make the best decision. Thanks
reviewer1057374: Some areas and questions for evaluating a SIEM solution. These are some common…
Rainier Varilla: Discovery questions you should ask any SIEM vendor: -Would you like more…
Simo Sim: That is correct, you don't just install it and that is it. There is quite some…
15 Answers
Miriam Tover
Senior Delivery Ops Manager
PeerSpot (formerly IT Central Station)
SIEM is one of the fastest trending topics on IT Central Station. Why do companies need to purchase SIEM? Is it due to compliance reporting, system monitoring, intrusion detection, or something else? Why is it so important? Thanks for helping your peers cut through vendor hype and make the r...
Sofiane Medhkour: SIEM provides real-time analysis of security alerts generated by applications…
reviewer916710: SIEM is needed for compliance reporting, system monitoring, intrusion detection…
Jacob Hinkle: A SIEM is a tool which sorts logs and alerts on security-related events…
17 Answers
Nurit Sherman
Content Specialist
PeerSpot (formerly IT Central Station)
There are so many SIEM solutions out there and so much vendor hype in the market. Conducting an effective trial is really important! A number of community members are currently evaluating solutions. Do you have any advice for them about the best way to conduct a trial or POC? How do you cond...
it_user844146: 1. Understand your environment: Segments, microsegments etc. Know where…
Siddhant Mishra: Hi Rhea, When it comes to evaluating a SIEM solution, there is a bit of…
Mohamed OTHMAN: When speaking SIEM it should be (probably) one of the last solutions that with…
26 Answers
it_user840669
Computer & Network Systems Administrator at an aerospace/defense firm with 1,001-5,000 employees
My organization has one last piece to the puzzle in our completion for NIST 800-171 compliance. I know nothing about Network Security and Event Management. I have a team of two Systems and Network Admins that already spend a lot of time ensuring the organization is running smooth, dealing with an...
it_user587232: There are many good SIEM products on the market today. Our company evaluated…
Farhan Tariq: Chris, you need to understand three areas where you will be required to work to…
Andre B.: The best paid-for system is Splunk. However it will get very expensive for…
39 Answers
Nurit Sherman
Content Specialist
PeerSpot (formerly IT Central Station)
I'm a community manager here at IT Central Station and I'm doing some research to try to make our platform even better. I'd really appreciate it if you could answer a few quick questions. Was your research of SIEM products on our site for a purchase? If not, what was it for? Which product did y...
it_user718647
User with 10,001+ employees

I do not have a business email address. How can I download PDFs?

it_user710541
Student

Is there any comparison criteria on Tableau depicting SIEM vendors weaknesses and strengths?

it_user708033
Senior Consultant-Information Security at a tech services company with 51-200 employees

I would like to know the evaluation parameters and reviews for SIEM-Alien Vault and LogRhythm to implement in a banking environment in Gulf region.

Shaikh Jamal Uddin: IBM QRadar is the best option because they are using UBA for the quick detection…
14 Answers
it_user669684
Security Analyst at a tech vendor with 51-200 employees
We're looking for real-life experience on behalf of a client in integrating QRadar data into Splunk ES, or Splunk/Splunk ES into QRadar or both into a 3rd option for PA/SA. This client has one of the largest and most complex networks among the federal agencies, currently is using both products in...
it_user647754
User at a consultancy with 5,001-10,000 employees

I am looking for features comparison between AlienVault, SolarWinds LEM, HPE Arcsight, and any other similar enterprise grade products. Can you share a feature comparison document?

it_user579435
FO Engineer at a comms service provider with 501-1,000 employees
Hi everyone, I would like to export Nessus Scanner reports into ArcSight ESM Console but I do not have any idea how to do this. Can anyone help me, please? Sam
it_user302034
Senior Information Assurance Specialist at a tech services company with 51-200 employees

I would like to understand the basic difference between Nessus and Arcsight. Thanks.

it_user178008
Developer at a tech vendor with 1,001-5,000 employees

I'm comparing RSA Envision to some of its competitor SIEM products. Can you help me with a comparison matrix?

Thanks. 

Santhakumar

Ariel Lindenfeld
Sr. Director of Community
PeerSpot (formerly IT Central Station)
One of our community members wrote that what's important is "compatibility with diverse sources, including the ability to adapt to unknown ones, performance, and the ability to do multi-level correlation." What do you think? See other excellent answers below. Let the community know what you t...
Michael SCHLEICH: Based on my experience with SIEM, 7 years I worked with ArcSight on a daily…
it_user331212: Real-time threat analysing and reporting capabilities
it_user324942: Ability to quickly extract information when required (forensic). The ease at…
36 Answers
it_user153546
User with 5,001-10,000 employees
Looking at SolarWinds LEM as a SIEM tool. Several of my managers are questioning the scalability for a global deployment. I am having difficulty providing adequate information as to its distributed architecture and the ability to access the raw (and/or) normalized data directly so that I can ex...
Byron Anderson: If you are looking at scaling LEM for a global deployment it's really going to…
2 Answers
Avigail Sugarman
Community Manager at PeerSpot (formerly IT Central Station)

Can you name a few based on the Solutions you have used?

Gabor Mayer: - Organisation of the company - Leadership commitment - Enough money to get…
8 Answers
it_user108681
Security Solution Architect with 501-1,000 employees
Has anyone got experience in deployment of a SIEM solution using either McAfee Nitro or IBM Qradar or AlienVault USM? I am looking to understand the pitfalls associated. I find that the vendor documentation is often short on specifics in relation to the overall components needed and am concerned ...
it_user214419: Hello. If you need any assistance through sizing and deployment of IBM QRadar…
A.J. DiLorenzo: I've implemented AccelOps SIEM which also does Server/Network Performance and…
it_user280122: The basic things like adding log sources is hopefully not a problem but I think…
9 Answers