Log Management Features

Read what people say are the most valuable features of the solutions they use.
Joshua Biggley says in a Splunk review
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees
Splunk has a single purpose in life: ingest machine data and help analyze and visualize that data. The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data. It does a great job at handling unstructured data. Breaking data into key/value pairs so that it can be searched is relatively painless. View full review »
reviewer103734 says in an AlienVault review
IT Officer with 51-200 employees
The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network. View full review »
Paul Gilowey says in a Splunk review
Foundation Technology Specialist at a insurance company with 1,001-5,000 employees
The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature. View full review »
Damian Scott says in an IBM QRadar review
Sr SIEM Consultant at a tech services company with 51-200 employees
* Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each organization. The correlation engine automates what is a manual process for many SIEM platforms. * Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered. * QRadar Vulnerability Management: Built-in vulnerability scanner or leverage for other supported scanners to either schedule a scan and/or import the results from a scan. Importing the results enriches the assets profile database to quickly identify assets that have known vulnerabilities. * X-Force Threat Intelligence: Threat intelligence IP reputation feed which leverages a series of international data centers to collect tens of thousands of malware samples, to analyze web pages and URLs, and to run analysis to categorize potentially malicious IP addresses and URLs. * App Exchange: Many vendors have written apps to enhance QRadar. The apps are free and enhance your SIEM experience by adding rules and custom event properties. In some cases a new tab. You will need to have purchased the third party solution. For example, if you have Palo Alto or Blue Coat, there's a free app for better integration. View full review »
Colt Rodgers says in a Splunk review
Infrastructure Engineer at Zirous, Inc.
The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk. View full review »
Mark Kline says in a Splunk review
Information Architect at a financial services firm with 5,001-10,000 employees
* Splunk delivers a holistic view of an application (the big picture). * Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value. * Significant reduction in mean-time-to-investigate (MTTI) and mean-time-to-resolve (MTTR) production incidents from days to hours. * Splunk visualization capabilities help pinpoint problem areas, spikes, and anomalies easier and faster. * Ability to monitor and resolve integration problems before they impact the business user area. * Splunk is being used as part of the development life cycle, resulting in better quality and more efficient applications. * Provides additional insights into a 360 degree view of the customer. View full review »
Timur Baitenov says in a Splunk review
Implementation Unit Manager at a tech services company
Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront. Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data. View full review »
reviewer905577 says in a Splunk review
Principal Consultant with 51-200 employees
* Drill down * Apps * REST API * Software development kits * Architecture * Replication capabilities View full review »
FarhanAli says in an IBM QRadar review
Security Analyst at a security firm with 11-50 employees
* Its default set of rules: It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives. * The extension management: There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events. * UBA 2.7: It can help you detect insider threats. View full review »
Clara Merriman says in a Splunk review
Business Intelligence Engineer at a hospitality company with 501-1,000 employees
Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business. View full review »
Prabhanshu Pandit says in an ELK Logstash review
Programmer at a tech services company
Documentation is very good, so implementation is fine. View full review »
Shubhojit Shil says in a SevOne review
Monitoring Administrator at a tech services company with 10,001+ employees
It is inexpensive compared to other monitoring tools and it provides agentless monitoring, where we don't need any kind of installation of servers. SevOne has a feature which is a policy browser. We just assign the policy and it will automatically apply it to all the servers, and it will create the thresholds as well for each and every server. The automation feature is good because if your CMDB is OK and it is already in sync, then the automation part is good to go. Auto-closure of the ticketed issue is resolved and ticket will auto-close, which is very helpful. View full review »
Marita Öman says in a SevOne review
Manager at a tech services company
Scalability. I have never had to worry about how to handle really big environments. View full review »
Michael Maguire says in a NNT Log Tracker Enterprise review
IT Infrastructure Manager at a non-profit with 201-500 employees
This is a very easy-to-use interface with a quick ramp-up time. The amount of information could be overwhelming, so please consider adding their FAST service, which filters out known good updates from trusted vendors, such as Microsoft updates. View full review »
Willem Albertus Potgieter says in an IBM QRadar review
Vulnerability Manager at a tech services company with 51-200 employees
The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why. View full review »
John Hluboky says in a Splunk review
SVP, Technical Operations at a tech vendor with 201-500 employees
Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks. View full review »
Robert Bailey says in a Splunk review
Owner with 1-10 employees
Splunk's capability to receive any types of logs and index them is a very good feature. To get visibility from your network devices, servers, and security devices is a great feature. View full review »
reviewer690780 says in an AlienVault review
Network Administrator at a legal firm with 51-200 employees
The vulnerability scans and network scans and alarms. View full review »
david hourani says in a Splunk review
Lead Splunk Architect at a financial services firm with 10,001+ employees
Splunk can be seen as a huge box that allows the storage of all sorts of logs. This allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar. Splunk allow schema on the fly and therefore simplifies all the data onboarding process. All that leads to flexibility when it comes to defining the metadata since it is not necessary to have all the fields defined and extracted to be able to use Splunk. Another great feature is the field extractor that allows persons with little or no experience with Regex to define fields and extract valuable information from the data. Finally, the ability to connect with various sorts of databases, NoSQL solutions, makes it a very powerful tool, not only as a SIEM but also as a datalake for machine learning and data analysis. View full review »
Troy Landers says in a Splunk review
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees
Splunk Enterprise Security is most valuable, my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them. View full review »
reviewer339099 says in an AlienVault review
IS Manager at a financial services firm with 501-1,000 employees
We use several features extensively. Logging, vulnerability scanning, file integrity monitoring, and threat information. View full review »
RubenHernandez says in an AlienVault review
IT Security Analyst at a tech services company with 10,001+ employees
OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter. View full review »
Kent Farries says in a Splunk review
Security Architect at a energy/utilities company with 1,001-5,000 employees
There are too many features to list, but here are a few: * Schema on the fly * Ease of on-boarding data * Machine learning * Apps or Splunk base. * Great list of apps to use and also build upon once you learn more about how Splunk works. * We build many of our own apps by leveraging the logic in the others. * Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort * Data Models Acceleration for super fast searches across tens of millions of events * Common Information Model * Security Essentials App * Enterprise Security * Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities * Log storage or compression is great and retention is not an issue * Dashboards are simple to create and the input options like Time Range, Text * Drop-downs are simple to create. * Integration with cloud solutions is great and keeps getting better. * Can get info from rest API’s easily and there are apps for services like ServiceNow, Azure, Office365, etc. View full review »
Dan Dumas says in an AlienVault review
Information Technology Security Administrator at a healthcare company with 1,001-5,000 employees
Policies have been very valuable. We use them as alerts on many compliance requirements and concerns. View full review »
Kevin Marsh says in an AlienVault review
IT Security Engineer II at a retailer with 5,001-10,000 employees
The dashboard. View full review »

Sign Up with Email