We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"It has basic out-of-the-box integrations with multiple log sources."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The features that stand out are the detection engine and its integration with multiple data sources."
"It makes maintenance very easy."
"I am satisfied with the solution's stability."
"Once the rules are defined, it becomes easy to detect changes and generate automated logs."
"ArcSight ESM allows us to find if someone is doing an administrative operation at inappropriate times of day or trying to do something they're not allowed to."
"The stability of ArcSight Enterprise Security Manager is good."
"We have been satisfied with the support."
"It is a vital tool for live monitoring and helps us to understand the traffic alerts of any major issue on the network, thereby reducing hacking attempts."
"It is a very useful tool for intelligence building because it has many use cases and many rule sets."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The tool is simple to use."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"The most valuable feature of Sentinel is the dashboard."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The troubleshooting has room for improvement."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel's reporting is complex and can be more user-friendly."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"In other products, I have found that they use some kind of GUI that is drag and drop. While in ArcSight they use still scripting. They should keep scripting because some people prefer scripting but they should have the option for those who prefer using drag and drop."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"When I asked our networking juniors for a comparison between LogRhythm and ArcSight, they said that both platforms are almost the same. It is just that LogRhythm is more modern with a digital platform, which probably gives it some advantage over ArcSight. ArcSight is a very old and mature product that is running on an old platform. It is an old legacy platform. In terms of new features, it just requires platform upgrades so that it becomes lighter and easily adaptable, specifically in the cloud. It would be a good thing if they can also make reporting easier."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"The tool should improve its UI. It also should make data more searchable."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"The initial setup could be more straightforward."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"There is no integration in the web-side of the tool."
"I rate Sentinel a six out of ten for scalability."
"It is an ancient product."
"Log source integration with Sentinel needs to be improved."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"I would like to see a better reporting work structure on the dashboard."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews while Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 16 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Sentinel is rated 7.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Elastic Security, whereas Sentinel is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh and Google Chronicle Suite. See our ArcSight Enterprise Security Manager (ESM) vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.