We performed a comparison between ArcSight Intelligence and Rapid7 InsightVM based on real PeerSpot user reviews.
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The main benefit is the ease of integration."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The initial setup is very simple and straightforward."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The UI-based analytics are excellent."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The platform helps us improve threat detection capabilities."
"The product has a valuable interface."
"When it comes to the process, installation is very easy and does not take long."
"One of the most valuable features is its graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries."
"The remediation project is pretty effective because it allows us, as clients or countries, to choose specific assets and set limitations on them for a certain period, which allows us to track and follow up on those limitations. However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant."
"There are many integrations with things like the VMware NSX that are great, the reporting is really solid."
"NeXpose is a pretty good vulnerability scanner... There's a nice dashboard."
"It is good and fits well with pretty much all of our use case needs."
"The pricing is reasonable."
"You can bring in and get online to do reports fairly quickly,"
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The troubleshooting has room for improvement."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"We haven't found the product fully scalable."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"ArcSight Intelligence's pricing needs improvement."
"The dashboard is not user-friendly and is in black and white."
"There was functionality present previously; however, currently, we can't integrate directly with Jira Service Desk - only the cloud version."
"This solution creates false-positives which can cause issues with reporting."
"Technical support does not respond quickly."
"There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."
"The reporting is very bad when you compare it with other vulnerability assessment tools."
"It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment."
"The on-premise updates could improve from Rapid7 InsightVM."
"Some difficulties with the online reporting and lack of integrations."
ArcSight Intelligence is ranked 31st in Security Information and Event Management (SIEM) with 5 reviews while Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews. ArcSight Intelligence is rated 8.0, while Rapid7 InsightVM is rated 8.0. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM), Exabeam Fusion SIEM and Splunk User Behavior Analytics, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Rapid7 InsightIDR.