We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Snare based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"We have no complaints about the features or functionality."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The pricing of the product is excellent."
"The connectivity and analytics are great."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."
"Once the rules are defined, it becomes easy to detect changes and generate automated logs."
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"The solution has gone beyond signature-based monitoring and analysis and is AI-powered. It is good enough to cover the full range of cybersecurity services."
"The solution offers very good monitoring."
"It makes maintenance very easy."
"The most important feature is ArcSight's event correlation capabilities. It's powerful and easy. I also like the flex connector capability. It's easy to develop a new connector that isn't fully supported out of the box. For example, say you created a solution internally that's completely different, and it's not unsupported by the solution. You can write your own connector using the flex connector."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"The best thing about Snare is its format and consistency."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
"The visualization is not very good compared to Splunk."
"The user interface of ArcSight Enterprise Security Manager could improve. It is not very good. Additionally, they could integrate the web interface better."
"The solution could be more stable."
"Customer service and support is our biggest challenge."
"Currently lacks SOAR feature."
"ArcSight ESM needs to improve performance, user interface, and automation."
"What could be improved in ArcSight Enterprise Security Manager (ESM) is its analytics feature. That feature should be more powerful and have more correlation in terms of AI/ML, though MicroFocus has done a good job in adding analytics to ArcSight Enterprise Security Manager (ESM) which has become a big draw to customers. What I'd like to see in the next release of the solution is the addition of AI/ML features."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews while Snare is ranked 38th in Security Information and Event Management (SIEM) with 3 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Snare is rated 8.0. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Elastic Security, whereas Snare is most compared with syslog-ng, Splunk Enterprise Security, SolarWinds Kiwi Syslog Server and LogRhythm SIEM. See our ArcSight Enterprise Security Manager (ESM) vs. Snare report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.