We performed a comparison between ArcSight Intelligence and Microsoft Purview Insider Risk Management based on real PeerSpot user reviews.
"The main benefit is the ease of integration."
"The connectivity and analytics are great."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The initial setup is very simple and straightforward."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Free ingestion for Azure logs (with E5 licence)"
"The UI-based analytics are excellent."
"The automation feature is valuable."
"The product has a valuable interface."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The platform helps us improve threat detection capabilities."
"The best thing about Purview is that it's easy to integrate with our day-to-day environment. We have Active Directory, and Word and Excel. Using a third-party vendor and trying to integrate with our existing environment would be much more challenging."
"The product can be improved by reducing the cost to use AI machine learning."
"The playbook is a bit difficult and could be improved."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of products that have been around for the last seven, eight years or more."
"One key area that can be improved is by building a strong integration with our XDR platform."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"We haven't found the product fully scalable."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"ArcSight Intelligence's pricing needs improvement."
"The dashboard is not user-friendly and is in black and white."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"For certain things, you need to install an agent. I understand it's for integrity, but if there could be a clientless solution for certain aspects, it would make life easier."
ArcSight Intelligence is ranked 31st in Security Information and Event Management (SIEM) with 5 reviews while Microsoft Purview Insider Risk Management is ranked 3rd in Insider Risk Management with 1 review. ArcSight Intelligence is rated 8.0, while Microsoft Purview Insider Risk Management is rated 8.0. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Microsoft Purview Insider Risk Management writes "Eliminates manual work in searching for document leaks and makes it easy to present reports to auditors". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM), Exabeam Fusion SIEM and Splunk User Behavior Analytics, whereas Microsoft Purview Insider Risk Management is most compared with Splunk User Behavior Analytics, Dtex Systems, Microsoft Defender for Identity, LogRhythm UEBA and Netskope Advanced Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.