Security Information and Event Management (SIEM) Features

Read what people say are the most valuable features of the solutions they use.
Joshua Biggley says in a Splunk review
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees
Splunk has a single purpose in life: ingest machine data and help analyze and visualize that data. The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data. It does a great job at handling unstructured data. Breaking data into key/value pairs so that it can be searched is relatively painless.
reviewer103734 says in an AT&T AlienVault USM review
IT Officer with 51-200 employees
The most valuable aspect of AlienVault is the visibility into the network. You have the capability to gather logs from multiple sources and easily see what is going on in the network.
Paul Gilowey says in a Splunk review
Foundation Technology Specialist at an insurance company with 1,001-5,000 employees
The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature.
Damian Scott says in an IBM QRadar review
Sr SIEM Consultant at a tech services company with 51-200 employees
* Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each organization. The correlation engine automates what is a manual process for many SIEM platforms.
* Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
* QRadar Vulnerability Management: Built-in vulnerability scanner, or leverage other supported scanners to either schedule a scan and/or import the results from a scan. Importing the results enriches the asset profile database to quickly identify assets that have known vulnerabilities.
* X-Force Threat Intelligence: Threat intelligence IP reputation feed which leverages a series of international data centers to collect tens of thousands of malware samples, to analyze web pages and URLs, and to run analysis to categorize potentially malicious IP addresses and URLs.
* App Exchange: Many vendors have written apps to enhance QRadar. The apps are free and enhance your SIEM experience by adding rules and custom event properties, and in some cases a new tab. You will need to have purchased the third-party solution. For example, if you have Palo Alto or Blue Coat, there's a free app for better integration.
Colt Rodgers says in a Splunk review
Infrastructure Engineer at Zirous, Inc.
The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk.
Karthik Velli says in an ArcSight review
Delivery Consultant - Security Solutions with 1,001-5,000 employees
Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events. Competitors offer something similar, but ArcSight does give you more detail.
Mark Kline says in a Splunk review
Information Architect at a financial services firm with 5,001-10,000 employees
* Splunk delivers a holistic view of an application (the big picture).
* Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value.
* Significant reduction in mean-time-to-investigate (MTTI) and mean-time-to-resolve (MTTR) production incidents from days to hours.
* Splunk visualization capabilities help pinpoint problem areas, spikes, and anomalies easier and faster.
* Ability to monitor and resolve integration problems before they impact the business user area.
* Splunk is being used as part of the development life cycle, resulting in better quality and more efficient applications.
* Provides additional insights into a 360 degree view of the customer.
Timur Baitenov says in a Splunk review
Implementation Unit Manager at a tech services company
Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront. Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data.
Geremy Farmer says in an EventTracker review
Information Technology Coordinator at Magnolia Bank, Incorporated
The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in. We can resolve the issue a whole lot quicker than waiting for the user to call us and figure out that they're locked out of the network or need some assistance with their password or the like. The system's UI is pretty good, intuitive, and user-friendly. EventTracker SIEMphonic has been a good add-on piece because doing all the logs can be time-consuming. Having a nice, weekly summary report, and the supplemental logs with them, in the event that you need to dive in any further, is helpful. Having somebody else reviewing those logs as well, on their team, is very helpful and beneficial to us.
Sean Sheil says in an EventTracker review
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring. The ability to import log data into the solution is very good. It consolidates that information and stores it in a compact manner. It doesn't use a huge amount of disk space to store the history of the logs but still gives us the ability to pull various reports as we need them.
Bryan Caporlette says in an EventTracker review
Chief Technology Officer at G&G Outfitters Inc
The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats. I don't have a CISO and don't have the budget to bring a CISO in. Therefore, it basically allows me to outsource the information security officer to EventTracker and have them perform that role for the company. With the dashboards, I can very quickly see if there are any pending threats or anything that I should take action against. It has a very easy-to-use interface. Instead of having to go run reports and dig through millions of entries of data, I can have a couple of key metrics brought right up to me through the dashboard and be able to review that information, then either send it on to my networking team to address something or have comfort that we're on a good footing security-wise. The solution's UI is very good now. It went through a transition phase from four years ago to today. With each iteration, we started on version 6 or 7, then we went to 8, and now we're on 9. Each one has been a large improvement for user usability and the user interface. It is more modern and easier to use. We usually view it on Internet Explorer or Chrome. I use my laptop to view it and find it a comfortable view. I rely on them to tell me what features should be rolled out and come out. They are always introducing me to new threats and other things that we need to be looking out for. They say, "By the way, we're looking for these now on the weekly report for you." They are the ones that I just outsourced this to.
reviewer905577 says in a Splunk review
Principal Consultant with 51-200 employees
* Drill down
* Apps
* REST API
* Software development kits
* Architecture
* Replication capabilities
FarhanAli says in an IBM QRadar review
Security Analyst at a security firm with 11-50 employees
* Its default set of rules: It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives.
* The extension management: There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events.
* UBA 2.7: It can help you detect insider threats.
Clara Merriman says in a Splunk review
Business Intelligence Engineer at a hospitality company with 501-1,000 employees
Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business.
IT Security Lead at a tech services company with 10,001+ employees
VirusScan Enterprise provides protection against real-time malware attacks. We use it for logging the network traffic, when required. It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself.
Jeffrey Robinette says in a SolarWinds LEM review
System Engineer at a government with 51-200 employees
The out-of-the-box reports and dashboard. It was easy to trim down these windows to something we could quickly use.
Threat Intelligence Engineer (Security Engineering Team) at a government with 10,001+ employees
It's SIEM. Obviously, normalization of data is the biggest factor.
Michael Maguire says in a NNT Log Tracker Enterprise review
IT Infrastructure Manager at a non-profit with 201-500 employees
This is a very easy-to-use interface with a quick ramp-up time. The amount of information could be overwhelming, so please consider adding their FAST service, which filters out known good updates from trusted vendors, such as Microsoft updates.
Vulnera08667 says in an IBM QRadar review
Vulnerability Manager at a tech services company with 51-200 employees
The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.
John Hluboky says in a Splunk review
SVP, Technical Operations at a tech vendor with 201-500 employees
Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks.
Robert Bailey says in a Splunk review
Owner with 1-10 employees
Splunk's capability to receive any type of log and index it is a very good feature. To get visibility from your network devices, servers, and security devices is a great feature.
reviewer690780 says in an AT&T AlienVault USM review
Network Administrator at a legal firm with 51-200 employees
The vulnerability scans and network scans and alarms.
david hourani says in a Splunk review
Lead Splunk Architect at a financial services firm with 10,001+ employees
Splunk can be seen as a huge box that allows the storage of all sorts of logs. This allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar. Splunk allows schema on the fly and therefore simplifies the whole data onboarding process. All that leads to flexibility when it comes to defining the metadata, since it is not necessary to have all the fields defined and extracted to be able to use Splunk. Another great feature is the field extractor, which allows people with little or no experience with regex to define fields and extract valuable information from the data. Finally, the ability to connect with various sorts of databases and NoSQL solutions makes it a very powerful tool, not only as a SIEM but also as a data lake for machine learning and data analysis.
Troy Landers says in a Splunk review
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees
Splunk Enterprise Security is most valuable; my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them.
reviewer339099 says in an AT&T AlienVault USM review
IS Manager at a financial services firm with 501-1,000 employees
We use several features extensively: logging, vulnerability scanning, file integrity monitoring, and threat information.