Security Information and Event Management (SIEM) Features

Read what people say are the most valuable features of the solutions they use.
Colt Rodgers says in a Splunk review
Infrastructure Engineer at Zirous, Inc.
The ability to view all of these different logs, and then drill down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk.
Damian Scott says in an IBM QRadar review
Sr SIEM Consultant at a tech services company with 51-200 employees
* Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each organization. The correlation engine automates what is a manual process for many SIEM platforms.
* Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
* QRadar Vulnerability Management: Built-in vulnerability scanner, or leverage for other supported scanners to either schedule a scan and/or import the results from a scan. Importing the results enriches the asset profile database to quickly identify assets that have known vulnerabilities.
* X-Force Threat Intelligence: Threat intelligence IP reputation feed which leverages a series of international data centers to collect tens of thousands of malware samples, to analyze web pages and URLs, and to run analysis to categorize potentially malicious IP addresses and URLs.
* App Exchange: Many vendors have written apps to enhance QRadar. The apps are free and enhance your SIEM experience by adding rules and custom event properties, and in some cases a new tab. You will need to have purchased the third-party solution. For example, if you have Palo Alto or Blue Coat, there's a free app for better integration.
Geremy Farmer says in an EventTracker review
Information Technology Coordinator at Magnolia Bank, Incorporated
The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in. We can resolve the issue a whole lot quicker than waiting for the user to call us and figure out that they're locked out of the network or need some assistance with their password or the like. The system's UI is pretty good, intuitive, and user-friendly. EventTracker SIEMphonic has been a good add-on piece because doing all the logs can be time-consuming. Having a nice, weekly summary report, and the supplemental logs with them, in the event that you need to dive in any further, is helpful. Having somebody else reviewing those logs as well, on their team, is very helpful and beneficial to us.
Bryan Caporlette says in an EventTracker review
Chief Technology Officer at G&G Outfitters Inc
The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats. I don't have a CISO and don't have the budget to bring a CISO in. Therefore, it basically allows me to outsource the information security officer to EventTracker and have them perform that role for the company. With the dashboards, I can very quickly see if there are any pending threats or anything that I should take action against. It has a very easy-to-use interface. Instead of having to go run reports and dig through millions of entries of data, I can have a couple of key metrics brought right up to me through the dashboard and be able to review that information, then either send it on to my networking team to address something or have comfort that we're on a good footing security-wise. The solution's UI is very good now. It went through a transition phase from four years ago to today. With each iteration, we started on version 6 or 7, then we went to 8, and now we're on 9. Each one has been a large improvement for user usability and the user interface. It is more modern and easier to use. We usually view it on Internet Explorer or Chrome. I use my laptop to view it and find it a comfortable view. I rely on them to tell me what features should be rolled out and come out. They are always introducing me to new threats and other things that we need to be looking out for. They say, "By the way, we're looking for these now on the weekly report for you." They are the ones that I just outsourced this to.
SVP Insider Threat at a financial services firm with 10,001+ employees
The machine-learning algorithms are the most valuable feature because they're able to identify the "needle in the haystack." Also, the solution's behavior analytics in terms of detecting cyber and insider threats is fairly good.
QRadar677 says in an IBM QRadar review
IT Security Manager at a recruiting/HR firm with 10,001+ employees
The most valuable feature is user-behavior analytics, where it will create logs based on the users' behavior and report suspicious events or other anomalies. I am working with the data analytics so it is a very good one for what I am doing.
Director of Intellectual Property Protection at a pharma/biotech company with 1,001-5,000 employees
There are a number of things that are very useful. What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at. The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to go through, using Microsoft Excel and a couple of other methods, to bring data together. The third feature is the ability to create watch lists that highlight specific predefined events in a separate window - or widget, as they call it. If I want to highlight something of interest without changing the risk score, or affecting any of the threat or risk models that we have in place, I can create a watch list. It moves those events to an area where an analyst will see them, first thing, without changing any scores or any other manipulation of data. I can highlight events that way.
Ramasamy Balakrishnan says in a DNIF review
CEO at Irisk Assurance Consultancy Services Pvt Ltd
The solution is based on a big-data platform and the response time on queries is super-fast. That's why we like this solution. It is 30 times faster than traditional SIEMs. It provides responses to queries within a minute. That's the most impressive feature we have found in this product. Also, the UBA, the User Behavior Analytics, is a built-in threat-hunting feature. It detects and reports on any kind of malware or ransomware that enters the network. That's an amazing feature of this product.
Sean Sheil says in an EventTracker review
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring. The ability to import log data into the solution is very good. It consolidates that information and stores it in a compact manner. It doesn't use a huge amount of disk space to store the history of the logs but still gives us the ability to pull various reports as we need them.
reviewer905577 says in a Splunk review
Principal Consultant with 51-200 employees
* Drill down
* Apps
* REST API
* Software development kits
* Architecture
* Replication capabilities
FarhanAli says in an IBM QRadar review
Security Analyst at a security firm with 11-50 employees
* Its default set of rules: It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives.
* The extension management: There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events.
* UBA 2.7: It can help you detect insider threats.
Clara Merriman says in a Splunk review
Business Intelligence Engineer at a hospitality company with 501-1,000 employees
Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business.
IT Security Lead at a tech services company with 10,001+ employees
VirusScan Enterprise provides protection against real-time malware attacks. We use it for logging the network traffic, when required. It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself.
Jeffrey Robinette says in a SolarWinds LEM review
System Engineer at a government with 51-200 employees
The out-of-the-box reports and dashboard. It was easy to trim down these windows to something we could quickly use.
Karlo Luiten Crisc Cissp says in an ArcSight review
Security Consultant at a tech services company with 5,001-10,000 employees
* Large-scale installations work well.
* The new user interface is nice.
* The real-time analysis adds value.
* The default packages on the new HPE Marketplace are useful and give nice default dashboards and reports for most of the well-known products.
Vulnera08667 says in an IBM QRadar review
Vulnerability Manager at a tech services company with 51-200 employees
The threat protection network is the most valuable feature because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.
Solutions Consultant at a comms service provider with 51-200 employees
Both the collecting logs and duo correlation are valuable features for us. Fortinet also offers very good pricing. Their pricing is incredible.
SolutionsEngnr67 says in a SolarWinds LEM review
Solutions Engineer at a tech services company with 11-50 employees
The most valuable feature of this solution is the visibility into both attempted and failed logins.
Assistan6279 says in an EventTracker review
Assistant LAN Administrator at a non-profit with 10,001+ employees
The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like. The reports are fine the way they are. The dashboard is also fine. We haven't configured the dashboard widgets; we just basically go with the default that was there. The dashboard helps by organizing things for us. Overall, the UI is very helpful. It's user-friendly and relatively intuitive.
Richard Teegarden says in an EventTracker review
Network Manager at an energy/utilities company with 51-200 employees
The solution is on-prem and we also utilize them for fairly full, managed services. They do tend to babysit it quite a bit. We get daily reports that they piece together for us which walk through everything that they're finding and seeing. And we sit together in a monthly service call to walk through what they found over the course of the month, just to compare notes. We backtrack and check to make sure that nothing stood out and that we didn't miss anything, or to hear if they've got any concerns or questions. They're putting in the time on a daily basis for us on that.

Another valuable feature is that we've tied it into pretty much everything that we have. We've got it tied into our Office 365 and it's helping us monitor even the spam garbage there, the consistencies or the abnormalities on the spam. We've got it tied into our firewalls and into just about every appliance we have as a front-line or an in-between, including VPN and the authentication that is coming through there. It's also tied into anything that's cloud-based. We might tie into IIS logs, our antivirus logs. It's huge that it gives us that single dashboard overview of events happening, all at one time. It's been tremendous for us.

I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me. I can pass it along, not only to my boss, but to senior management, if needed. I can show them what activity is being monitored, what types of incidents there are and the type of risk, if there is one. It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective. I just want to know what's going on on the end-points.

If anything gets flagged, if anything's out of order, chances are pretty good we're going to get it flagged on a couple of systems, whether it's a desktop for a firewall or an outbound request. It might get flagged on our AV, but at least I'm seeing it across all of those systems at a given time. So I really appreciate having that single location to look for any event that might be something which warrants a little bit more work.

I don't play around too much with the dashboard widgets, the stuff that's built-in. I get a daily report and, based on that, if I need to, I'll dig into it. So I don't customize things too much. I go back through things on a monthly basis as well. The dashboard is an easy enough layout and I've gotten used to using it or digging down deeper, so I don't really change much in there.

In terms of log importing, I've never really had any problems with it. Everything that's a syslog is a pretty easy tie-in and pull-through. Anything else that's agent-based, like a desktop, we've had very few problems with. Microsoft's Direct Access, their direct-access, always-on VPN product, was a little bit of a tough one that we had to work through to get those to pull across. But overall, the agents seem to be pretty stable, pretty efficient. They're pulling through everything that we need at this point. Anytime we've pulled in, whether it's an antivirus product - we've gone through a couple of them - various appliances, even Office 365, it has been very well-versed on all the major brands out there. If we want to pull those in or pull in the syslogs or pull in those events, we've never had an issue.
Tamer Serag Ahmed says in an AlienVault OSSIM review
Cyber Security Consultant at Besafe-tech
The most valuable features of this solution are the data correlation and vulnerability assessment.
Andrew Njagi says in a SolarWinds LEM review
Communications and Networks Engineer at a transportation company with 1,001-5,000 employees
The NTA & NPM are the most valuable features of the solution. The solution is very user-friendly.
BonganiMkwananzi says in an AlienVault OSSIM review
Owner & Cyber Security Consultant at Sekurisor
The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable, at least you can do something about it.
Kuzey Aksu says in an AlienVault OSSIM review
Information Security Manager at a financial services firm with 201-500 employees
AlienVault's features are all quite valuable. Using the CM to get post pay logs and lateral pay logs to a connection is also helpful.
Giorgi-Mikaia says in a LogPoint review
Security Architect at a tech services company with 51-200 employees
The flexibility of the search feature and the solution's analytics features are the most valuable parts of the solution. It's also very user-friendly.