We performed a comparison between Logpoint and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It has a lot of great features."
"The automation feature is valuable."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Technical support is responsive and very friendly."
"The main advantage of Logpoint is the support service. They reply within ten minutes to an hour to our queries."
"It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. LogPoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parseable because all logs are not the same, but with LogPoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them."
"They basically charge you in a better way."
"The integration is very user-friendly. There are not many CLI commands. Everything is directly accessible from the web interface."
"The solution's user interface is quite simple, and the integration is better than other products."
"Log collection, dashboards and reporting are good."
"The most valuable features are the ones that we use the most, which are the search and report facilities."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The solution's technical support is great."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"Trellix ESM is very user-friendly."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"The support I have received from the vendor has been great."
"It is easy to use."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The solution should allow for a streamlined CI/CD procedure."
"I would like to be able to monitor applications outside of the Azure Cloud."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sometimes, the product is not stable."
"It is complicated to collect daily logs from other systems."
"LogPoint can improve its dashboards. We are not able to customize the dashboard when creating them. They only have preset dashboards which do not have exactly what we are looking for."
"One of the things we faced last year was that we had some memory issues with the server running. We were running them as virtual services, and we were facing some performance issues. Back then, there were some things that had already been solved at the end, but one of the small issues we had was that it was quite memory-consuming. After one upgrade that we did, we faced some performance issues."
"It is a good product, but its interface or GUI could be better."
"One of the downsides is it is not a SaaS solution. It must be on-premises."
"LogPoint must find a way to integrate the servers without agents."
"Log management could be better because transporting the log from a password to the client system takes time."
"I would like to see good analytics in future releases."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"The solution needs to improve case management. The UI is confusing."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"The support from McAfee ESM could improve. They could improve the speed."
"I would like to see fingerprint recognition included in the next release of this solution."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
Logpoint is ranked 24th in Security Information and Event Management (SIEM) with 20 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Logpoint is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of Logpoint writes "Good technical support but it is complex to use and resource-heavy". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Logpoint is most compared with IBM Security QRadar, Elastic Security, Rapid7 InsightIDR, Wazuh and LogRhythm SIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Logpoint vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.