We performed a comparison between ArcSight Enterprise Security Manager (ESM) and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The connectivity and analytics are great."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The Log analytics are useful."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"The user interfaces are quite good and speedy."
"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"We have been satisfied with the support."
"The real-time analysis adds value."
"It makes maintenance very easy."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"SolarWinds' stability is fine. I don't think we've had any software issues."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out."
"We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before."
"The most valuable feature is the reporting."
"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"We'd like to see more connectors."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"They should try to include business logic vulnerabilities in the SIEM tool."
"HPE ArcSight has a quite steep learning curve."
"The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible."
"In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they use still scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"The visualization is not very good compared to Splunk."
"They also could improve the product by integrating user and identity behavior analytics."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
"It can be difficult for users who are inexperienced with the solution."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"We'd like more customization capabilities."
"I would like to have a more customizable dashboard."
"There is no correlation made between log entries, so no threat information is presented."
"SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
More SolarWinds Security Event Manager Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Wazuh and Microsoft Defender XDR. See our ArcSight Enterprise Security Manager (ESM) vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.