We performed a comparison between Graylog, Splunk Enterprise Security, and USM Anywhere based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The ability to write custom alerts is key to information security and compliance."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"I like the correlation and the alerting."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"I am very proud of how very stable the solution is."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Easy to deploy and simple to use."
"The initial setup isn't overly complex."
"The solution is stable and reliable."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"The correlation capabilities are the first value that our clients say they like with Splunk."
"The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"Using the communication within the security device, it is easier to create plugins."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"We are able to get alerts perfectly with FIM and VA features."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"AlienVault has helped us in improving our visualization and incident response during cybersecurity situations."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"More customization is always useful."
"There should be some user groups and an auto sign-in feature."
"Graylog can improve the index rotation as it's quite a complex solution."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Lacks sufficient documentation."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
"This is a costly solution."
"The implementation and the scanning of the logs can be difficult."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"From the commercial point of view, they have to bring down their costs."
"The configuration had a bit of a learning curve."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"The price has room for improvement."
"Different functions to customize reports should be added."
"There are many reports included, but it would be nice to have better access to the data."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"The solution is a bit complicated. It could be simplified quite a bit."