We performed a comparison between Rapid7 InsightIDR and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The main benefit is the ease of integration."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"It improved my organization by building a security alerting program."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"I like the tool's user analysis feature."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"Very intuitive and easy to set up."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"The solution's technical support is great."
"It can be easily deployed with the other solutions."
"It is easy to use."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"The product’s most valuable feature is log monitoring."
"McAfee as a whole is a good solution."
"The reporting could be more structured."
"The solution should allow for a streamlined CI/CD procedure."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The main problem lies in the processes within the client's operating systems."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"There should be support for multitenancy in the product."
"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"I would like to see good analytics in future releases."
"The initial setup is difficult and could improve."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Rapid7 InsightIDR is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, Microsoft Defender for Identity and IBM Security QRadar, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Rapid7 InsightIDR vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.