The setup is not difficult. It was easy. The documentation provided on the Exabeam documentation website was already there, so that was perfect. I didn't face any issues with that. The only challenge I had was figuring out how to find or filter the criteria to locate my exact log, as sometimes there are keywords or messages that are forwarded.

So, if I mention a forwarder with a specific IP address or server address, it gives me a whole bunch of logs that are already there. It would be great if I could access my latest or earliest logs.

There are many filter criteria available. I can retrieve logs from one hour, two hours, seven days, or twenty-four hours ago. But having logs in real-time would be very helpful. Real-time logs would be beneficial.

The reason I mention real-time is that, in ELK or Splunk, we don't face any issues when it comes to finding the exact log. They create a separate area where you can directly search for logs using keywords. 

However, in Exabeam's filter criteria, we need to use key-value pairs to match specific logs or services. For example, if I want to create a filtering criteria based on my service name, I need to specify the key as "service name," followed by a colon and the service name in double quotation marks. Similarly, with "forwarder: server address" I can locate logs for a specific service deployed on that server address.

The platform is perfect. There are no drawbacks or major issues. However, enhancing the UI with minimal filtering criteria would be really helpful. We should focus on improving the UI screens where all the logs are displayed.

Since I have the guides and tutorials on installing Exabeam Fusion SIEM for a virtual environment, the initial setup was easy for me.

If you are new to Exabeam Fusion SIEM and reading the resource for the first time, it may take hours. However, since I have read every installation detail and am ready with every resource and material, it now takes me less than an hour.

This solution has not been installed yet. Right now, we are in distributing stage. We are trying to assess the requirements and to decide accordingly the proper way forward. We're still figuring out the hardware, for example, and still have questions that need to be addressed. 

The solution's initial setup process is easy.

The initial setup is pretty straightforward. Depending on the size, it usually takes about six days for implementation time.

Setting up the system was relatively easy - it took about a day. Adjusting the information was an ongoing process, so I can't really give a good estimate on that.

We had RSA earlier, we were a mature client, we had a big bang kind of start. Exabeam was really prepared there. We had some issues that we were able to sort out. They sent very experienced engineers to help us with the issues we had. Now we have a technical account manager. We are very pleased with it. Now, it looks much better but it's a large implementation. If you have a large implementation with lots of data you can expect a few issues and problems. If you start off with a small implementation then it would be a different story. We started off with loads and loads of data that we wanted to ingest. After a couple of months, things look a lot better. 

The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward.

Initial setup is fairly straightforward.