We performed a comparison between ManageEngine EventLog Analyzer and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It's one of the easiest products. It's very simple to use."
"The user interface is very good."
"ManageEngine EventLog Analyzer is easy to gather reports to give to management. My supervisor has access to the solution and he enjoys the graphs."
"The most valuable features of ManageEngine EventLog Analyzer are the number of capabilities, file integration monitoring, web server log collection, and alert configuration."
"I have made use of technical support and am certainly very satisfied with them."
"The initial setup is straightforward"
"What I found most useful in ManageEngine EventLog Analyzer is its integration with other ManageEngine applications. It seamlessly integrates throughout the ManageEngine suite, and that's beneficial. I also like that the solution has chain management capabilities, it has a modular approach, and it's easy to reach the support team."
"It is stable."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The most valuable feature is the correlation rules."
"Trellix ESM is very user-friendly."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"It may not be as easy to use as Splunk."
"Support could improve to make the solution better."
"The first tier of customer service and support is not great."
"There isn't good security integration when it comes to cybersecurity. The correlation of logs isn't so simple."
"The customization of reports could be a lot easier. It is not difficult but it could be made easier."
"The solution should improve on its log capturing capabilities."
"What I'd like to see as an improvement to ManageEngine EventLog Analyzer is for it to be more AI-driven. Having more automation would also make the solution better."
"The scalability is limited."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"I would like to see good analytics in future releases."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"We cannot add new data sources to the most recent version."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
More ManageEngine EventLog Analyzer Pricing and Cost Advice →
ManageEngine EventLog Analyzer is ranked 23rd in Security Information and Event Management (SIEM) with 10 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. ManageEngine EventLog Analyzer is rated 7.8, while Trellix ESM is rated 7.4. The top reviewer of ManageEngine EventLog Analyzer writes "Modular software that seamlessly integrates with other applications and provides good technical support". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". ManageEngine EventLog Analyzer is most compared with ManageEngine Log360, Fortinet FortiAnalyzer, Wazuh, SolarWinds Kiwi Syslog Server and SolarWinds Log Analyzer, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our ManageEngine EventLog Analyzer vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
