We performed a comparison between SolarWinds Security Event Manager and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The Log analytics are useful."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"We have no complaints about the features or functionality."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"SolarWinds is effective for server, network, and log monitoring. It's also good for IP address management. We also have a patch manager, but we're still working on getting that operational."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out."
"It's extremely easy to deploy."
"SolarWinds Security Event Manager has been generally working well."
"It supports high availability, which is very helpful."
"SolarWinds' stability is fine. I don't think we've had any software issues."
"The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The most valuable features include predefined use cases and threatening states."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The solution could be more user-friendly; some query languages are required to operate it."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
"We'd like more customization capabilities."
"One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain."
"The company had to use a third party for the implementation of the solution."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
"I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"There is no correlation made between log entries, so no threat information is presented."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"It should have more cloud connectors. It could also be cheaper."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"Integrations could be improved, and the dashboard could be a little better."
SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews while Trellix Helix is ranked 32nd in Security Information and Event Management (SIEM) with 7 reviews. SolarWinds Security Event Manager is rated 7.8, while Trellix Helix is rated 8.6. The top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender XDR and Wazuh, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and USM Anywhere. See our SolarWinds Security Event Manager vs. Trellix Helix report.