We performed a comparison between ArcSight Intelligence and Cisco CMX Analytics [EOL] based on real PeerSpot user reviews.
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The UI of Sentinel is very good and easy to use, even for beginners."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The automation feature is valuable."
"Free ingestion for Azure logs (with E5 licence)"
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The platform helps us improve threat detection capabilities."
"The product has a valuable interface."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The scalability is one of the best."
"The only thing is sometimes you can have a false positive."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"We'd like also a better ticketing system, which is older."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"There is room for improvement in entity behavior and the integration site."
"ArcSight Intelligence's pricing needs improvement."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"We haven't found the product fully scalable."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The dashboard is not user-friendly and is in black and white."
"We don't always know what the configurations are all about. They change the configuration possibilities all of the time and we don't always get the same results."
ArcSight Intelligence is ranked 31st in Security Information and Event Management (SIEM) with 5 reviews while Cisco CMX Analytics [EOL] doesn't meet the minimum requirements to be ranked in Security Information and Event Management (SIEM). ArcSight Intelligence is rated 8.0, while Cisco CMX Analytics [EOL] is rated 6.0. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Cisco CMX Analytics [EOL] writes "Good for IoT devices and occupation-calculations, but there are issues with stability and it is not user-friendly". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM), Exabeam Fusion SIEM and Splunk User Behavior Analytics, whereas Cisco CMX Analytics [EOL] is most compared with .
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.