We performed a comparison between ArcSight Logger, Graylog, and IBM Security QRadar based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"ArcSight's robustness is its most valuable feature."
"It is one of the best products available in the market."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"It's a robust, mature product and you can do some really complex operations and analytics."
"It provides in-depth information on business activities once we log into the system."
"The technical support team is good... It is a scalable solution."
"I am very proud of how very stable the solution is."
"Open source and user friendly."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime."
"A nice benefit is when we go to the process of selecting our use cases, they go by building blocks. QRadar links it to building blocks."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
"The solution is reliable."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"We have had problems with archiving."
"The platform is quite expensive. They should reduce its cost."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"The solution could be improved in maintenance settings."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"Dashboards, stream alerts and parsing could be improved."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Over six months, I had two similar issues where searches were performed on the field 'messages'. It exhausted all the memory of the ES node, causing an ES crash and a Graylog halt."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"There should be some user groups and an auto sign-in feature."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"From a functionality point of view there are issues sometimes."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"They have to build more quantitative monitoring, profiling, and make it more predictive."
"I don't give it a 10 because it is something we have to request. I would love it if UBA was included out of the box like Microsoft."
"I need a solution which will send alerts in the event of any behavior."
"This solution is on-premise and many customers are moving to cloud-based solutions."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."