We performed a comparison between ArcSight Logger, Splunk Enterprise Security, and USM Anywhere based on real PeerSpot user reviews.
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"It is one of the best products available in the market."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"The technical support team is good...It is a scalable solution."
"ArcSight provides the basic information that we want."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"The technical support has been very good. They are very responsive and have been helpful."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"You can use it to gather syslog messages from anything."
"The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for."
"Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"Its powerful correlation engine helps reduce time in manually correlating events."
"The setup is very easy and straightforward."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"We have had problems with archiving."
"The product's connectors should work better and the user manuals need an update."
"The initial setup was a little bit complex."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"The solution should make it possible to integrate network analysis features."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"AngularJS/ReactJS inclusion could be made easier in GUI."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
"We find that the maintenance process could be a lot better."
"An improved user interface along with multi-tenancy support would be beneficial."
"The presence of multiple layers creates a significant challenge for monitoring across cloud environments."
"This solution could be improved by better pricing in general and by easier installation."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
"One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"The dashboard could be improved as well as the level of customization."
"In the future, I would like to see all these features of the solution working properly."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"There are many reports included but would be nice to have better access to the data."