We performed a comparison between IBM Security QRadar, LogRhythm SIEM, and VMware Aria Operations for Logs based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"It has a logical, user-friendly GUI."
"The solution can scale."
"We are using the platform version, which I like."
"The scalability is very good. It's not a problem."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The user interface is good."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"The feature that makes it usable is the web interface."
"We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
"Their customer support is friendly and willing to help."
"NextGen SIEM's best feature is how it presents logs."
"The most valuable feature is that we can alternate incident automations."
"The trace log is the solution's most valuable feature. It's very helpful in troubleshooting problems."
"I like the interface."
"What I like is that you can have different storage locations for different applications."
"The most valuable feature is server virtualization. It's been very useful."
"It is very scalable and can handle a large workload."
"It is a highly stable solution...It is a highly scalable solution."
"The system's management and its alerts are the most valuable aspects of the solution."
"We are using it because we have a VMware product. It has its own built in dashboards for VMware products, and that's a good thing."
"The modularity could be improved."
"The usability of interfaces could be improved."
"There is a shortage of skilled individuals with knowledge about the solution. There is training required."
"It needs more resilience and functionality."
"The dashboards are all legacy and old."
"The playbook guide which specifies the rules for security use cases needs to be provided to support in case the organization needs help."
"The AI engine could be smarter."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"The software needs to work on its pricing."
"It is a product that is very hard to use."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"Documentation is lacking, including some guide as to how to use the expressions. It is not clear how to look for a log, for example. Some examples in the documentation might be helpful. I think that VMware had good documentation, but it's no longer hosted. The documentation is not as easy to understand as it was before."
"What I'd like to improve in vRealize Log Insight is the licensing model. VMware provides vRealize Log Insight along with the VMware Cloud Foundation, but customers who would like to go for the native VMware would have to procure vRealize Log Insight separately. Today, vRealize Log Insight is offered on two different licenses, one is based on the number of VMs, and the other is based on the number of physical codes on the machine. If VMware can provide a bundle offer for customers who procure more than ten licenses, where you can have an option to run, for example, three hundred machines on vRealize Log Insight with no extra cost, this would encourage more people to adopt the solution. What I'd like to see in the next release of vRealize Log Insight is for a cloud option to be available, which would be a pay-as-you-go licensing model that would allow me to pick and choose what I'll monitor. For example, I have one thousand and three hundred critical servers, and the seven hundred servers for basic development, I don't want to monitor on vRealize Log Insight today, so I should be able to pick what I need to monitor on the solution and only pay for that specific instance. If VMware can apply these changes, it would help VMware customers to procure more or adopt more of vRealize Log Insight even in smaller projects."
"In the VMware environment, one area for improvement is the handling of VM failovers due to host failures, such as unexpected shutdowns from hardware issues. Currently, High Availability (HA) doesn't seem to recognize whether the VMs are online during failover, treating them as offline or unavailable."
"The pricing of the solution could be improved."
"In vRealize login files, we have limitations regarding log partitions."
"The solution is a very good tool, but it has a lot of limitations. One of the main issues is around how you define your retention policy, for instance, in Log Insight. It doesn't have it. You can't define a log retention policy. You also can't define the destination or location for your logs. All of the logs are in one index or one bucket."
"I don't use the solution on a day to day basis, so I'm not sure what specifically can be improved."
"I think that it should be able to integrate with other third-party backup and recovery solutions, more that it does now."
More VMware Aria Operations for Logs Pricing and Cost Advice →