We performed a comparison between ArcSight Logger, LogRhythm SIEM, and Splunk Enterprise Security based on real PeerSpot user reviews.
"We haven't had any crashes or bugs. It is stable."
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"ArcSight's robustness is its most valuable feature."
"It's a robust, mature product and you can do some really complex operations and analytics."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"The user interface is pretty good compared to other SIEM tools."
"AXON has the ability to add and compare use cases."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge."
"The logs on the solution are excellent."
"The reporting aspect is good and it does what I need it to do."
"The correlation capabilities are the first value that our clients say they like with Splunk."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"Our clients are easily able to modify and evolve their implementations."
"Splunk is a user-friendly solution."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"It would be better if the product is cheaper."
"The console in older versions is not user-friendly."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"The solution could be improved in maintenance settings."
"We have had problems with archiving."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources."
"I would like to see more integration with more products that are out there within the same security field."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"I would like to see case management become more independent from LogRhythm itself."
"Right now there is the concern about being able to gather all of the data into the system."
"NextGen SIEM's integration with other software is good but could be improved."
"We've had issues with scaling and local support."
"I would really like to see some type of group or global management for RIM policies,"
"Writing queries is a bit complicated sometimes."
"Splunk does not provide any default threat intelligence like Microsoft Sentinel, but you can integrate any third-party threat intelligence with Splunk. By default, no threat intelligence suite is there, whereas, with IBM QRadar or Microsoft Sentinel, the default feature of threat intelligence is there. It is free. If Splunk can provide a default threat intelligence suite, it would be better."
"The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."
"The product could be cheaper."
"The setup time is quite long."
"The complexity could be worked on so that it's even easier and faster."
"I feel the solution to be too slow."
"Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."