We performed a comparison between ArcSight Logger, IBM Security QRadar, and ManageEngine EventLog Analyzer based on real PeerSpot user reviews.
"The solution provides information about the risk factors."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"It's a robust, mature product and you can do some really complex operations and analytics."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"ArcSight's robustness is its most valuable feature."
"The ability to customize the solution in great detail is its most valuable features. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"ArcSight provides the basic information that we want."
"Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score."
"The solution can scale."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"It is very stable. We have not faced interruptions in the past four and a half years."
"The most valuable feature is the searching capability and real-time operational use."
"The scalability is very good. It's not a problem."
"The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA)."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"The initial setup is straightforward."
"The tool's reports show activities."
"What I found most useful in ManageEngine EventLog Analyzer is its integration with other ManageEngine applications. It seamlessly integrates throughout the ManageEngine suite, and that's beneficial. I also like that the solution has chain management capabilities, it has a modular approach, and it's easy to reach the support team."
"It is stable."
"The log management has helped to improve my organization."
"The most valuable features of ManageEngine EventLog Analyzer are the number of capabilities, file integration monitoring, web server log collection, and alert configuration."
"The user interface is very good."
"ManageEngine EventLog Analyzer is easy to gather reports to give to management. My supervisor has access to the solution and he enjoys the graphs."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"We find that the search and access functionality is quite slow."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"The solution should make it possible to integrate network analysis features."
"The solution must provide readymade connectors for different applications."
"IBM Security QRadar’s GUI could be improved."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs."
"I have noticed the interface has room for improvement."
"Certain updates—especially when using Azure—don't apply directly. Our engineering team must invest additional effort to implement these updates. However, the tool's cloud-based version poses no issues. However, upgrading the product can sometimes be challenging for on-premises instances."
"In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
"I would like for Yara to be supported by all components."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"It may not be as easy to use as Splunk."
"What I'd like to see as an improvement to ManageEngine EventLog Analyzer is for it to be more AI-driven. Having more automation would also make the solution better."
"Support could improve to make the solution better."
"I would like to see more detailed reports."
"The solution is stable. However, there are limits. For example, we can do 2,500 Syslog events per second, but if we want to do more we have to install the distributor structure, and then we can expand how many events we can do. They could improve the stability."
"The solution should improve on its log capturing capabilities."
"The scalability is limited."
"The customization of reports could be a lot easier. It is not difficult but it could be made easier."