The initial setup isn't overly complex.
There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.
I have found the most important features to be the flexibility, tech framework, and disk manager.
The solution is flexible and easy to use.
The visibility that it provides is valuable. It is helping us be proactive around incident management. It is helping us to get more visibility into our customers' applications so that we can assist them at the application layer. We also provide them with the infrastructure from an AWS standpoint. We are able to make sure that our customers are aware of certain critical things around the analytical piece of either the network or the application. We're able to call customers before they even know about the issue. From there, we can start putting together some change management processes and help them a bit.
The cost is reasonable. It's not overly pricey.
We've found the initial setup to be quite straightforward.
The user interface is good and it is quite easy to use.
The scalability is good. It is also good in the cluster nodes. You can make multiple FortiAnalyzer cluster groups, and you can distribute the logs between these FortiAnalyzer nodes. In other words, you can expand the scale.
The user experience is well thought out and the workflows are logical. The dashboards are intuitive and highly customizable.
The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way.
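The entity-based query described in the review above, written out as an added example that is not part of the review and is not Devo's own query syntax: it pivots four constructed tables (Okta, G Suite, endpoint telemetry, DNS) on the source IP inside a time window using standard SQL over an in-memory SQLite database. The table and column names, the sample events and the window boundaries are all assumptions made for the illustration.

```python
import sqlite3

# Constructed sample telemetry for the four sources named in the review.
# Timestamps are ISO-8601 strings, which sort lexicographically, so a plain
# BETWEEN comparison is enough for the time window. None of this is real data.
OKTA = [  # (ts, ip, actor, event)
    ("2024-03-01T10:00:05", "203.0.113.7", "alice", "user.session.start"),
    ("2024-03-01T10:02:10", "198.51.100.3", "bob", "user.authentication.auth_via_mfa"),
    ("2024-03-01T13:30:00", "192.0.2.44", "carol", "user.session.start"),
]
GSUITE = [  # (ts, ip, account, event)
    ("2024-03-01T10:01:00", "203.0.113.7", "alice@example.com", "login_success"),
    ("2024-03-01T11:45:00", "192.0.2.44", "carol@example.com", "login_success"),
]
ENDPOINT = [  # (ts, ip, host, process)
    ("2024-03-01T10:03:22", "203.0.113.7", "LAPTOP-01", "powershell.exe"),
    ("2024-03-01T10:04:00", "198.51.100.3", "LAPTOP-02", "outlook.exe"),
]
DNS = [  # (ts, ip, query)
    ("2024-03-01T10:05:40", "203.0.113.7", "update.example-cdn.net"),
    ("2024-03-01T10:06:01", "198.51.100.3", "mail.example.com"),
    ("2024-03-01T13:31:00", "192.0.2.44", "docs.example.com"),
]

SCHEMA = """
CREATE TABLE okta     (ts TEXT, ip TEXT, actor TEXT, event TEXT);
CREATE TABLE gsuite   (ts TEXT, ip TEXT, account TEXT, event TEXT);
CREATE TABLE endpoint (ts TEXT, ip TEXT, host TEXT, process TEXT);
CREATE TABLE dns      (ts TEXT, ip TEXT, query TEXT);
"""

# The entity is the IP address. Inner joins mean an IP is returned only when
# it has at least one event in every source inside the [start, end] window;
# an IP missing from any one table drops out of the result entirely.
ENTITY_QUERY = """
SELECT o.ip, o.actor, g.account, e.host, e.process, d.query
FROM okta AS o
JOIN gsuite   AS g ON g.ip = o.ip AND g.ts BETWEEN :start AND :end
JOIN endpoint AS e ON e.ip = o.ip AND e.ts BETWEEN :start AND :end
JOIN dns      AS d ON d.ip = o.ip AND d.ts BETWEEN :start AND :end
WHERE o.ts BETWEEN :start AND :end
ORDER BY o.ip, o.ts;
"""


def build_db():
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO okta VALUES (?, ?, ?, ?)", OKTA)
    conn.executemany("INSERT INTO gsuite VALUES (?, ?, ?, ?)", GSUITE)
    conn.executemany("INSERT INTO endpoint VALUES (?, ?, ?, ?)", ENDPOINT)
    conn.executemany("INSERT INTO dns VALUES (?, ?, ?)", DNS)
    conn.commit()
    return conn


def correlate_by_ip(conn, start, end):
    """Return (ip, actor, account, host, process, query) rows for every IP
    that appears in all four sources within the inclusive window [start, end]."""
    return conn.execute(ENTITY_QUERY, {"start": start, "end": end}).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in correlate_by_ip(db, "2024-03-01T10:00:00", "2024-03-01T10:10:00"):
        print(row)
```

With the constructed data only 203.0.113.7 is seen by Okta, G Suite, the endpoint agent and the DNS resolver inside the ten-minute window, so it is the only IP returned; 198.51.100.3 never appears in G Suite and 192.0.2.44 never appears in endpoint telemetry, so widening the window to the whole day still excludes them. Narrowing the window so that it ends before the DNS event at 10:05:40 drops 203.0.113.7 as well, which is the behaviour you want from a query that asks for an entity present in every source.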
There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.
It is very scalable and can handle a large workload.
The setup and installation are very easy.
Advice From The Community
Rony_Sklar, Community Manager at IT Central Station
How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution? Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?
Ariel Lindenfeld, Director of Community Management at IT Central Station
Question: When evaluating Log Management, what aspect do you think is the most important to look for?