We performed a comparison between ManageEngine Log360 and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Free ingestion for Azure logs (with E5 licence)"
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The pricing of the product is excellent."
"The automation feature is valuable."
"If you know how to do KQL (Kusto Query Language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The solution could be improved by including XDR, remediation and Sandbox."
"The reports that you can run are really nice."
"The product is very user-friendly."
"The Sharecon feature is the most valuable."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"The most valuable features for us are the application logs monitoring and the dashboard, which provides a single-pane view of all the ongoing activities."
"You can have all of the logs from servers to network and it gets sent out to the correct owners. This is very helpful."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"It is easy to use and deploy. It comes with user-friendly manuals."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"This solution integrates easily and very well with other technologies."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The AI capabilities must be improved."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The only thing is sometimes you can have a false positive."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
"We can log in as a local user, and it's fine, but when we log in with an Active Directory user, we cannot."
"The solution lacks some features when compared to other products."
"It takes a little bit of time for Log360 to actually learn your environment."
"The matter of the data retention needs to be addressed."
"The support needs improvement."
"The integration with SharePoint and Teams should be improved."
"The solution needs to improve hub storage. It should integrate AI and ML capabilities."
"The user interface could be more user-friendly."
"It cannot integrate with our Next-Generation Firewall and a few applications such as Cisco ACI."
"I would like to see good analytics in future releases."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"There should be support for multitenancy in the product."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"The initial setup is difficult and could improve."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
ManageEngine Log360 is ranked 24th in Security Information and Event Management (SIEM) with 15 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. ManageEngine Log360 is rated 7.2, while Trellix ESM is rated 7.4. The top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Splunk Enterprise Security, Fortinet FortiSIEM and SolarWinds Security Event Manager, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and SQRRL. See our ManageEngine Log360 vs. Trellix ESM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.