SenSage SIEM Competitors and Alternatives

Read reviews of SenSage SIEM competitors and alternatives
AlienVault
Real User
Security Architecture and Operations Lead at a university with 1,001-5,000 employees
Jan 25 2017

What is most valuable?

The NIDS/HIDS features have probably been the best features for us in our environment. We've had some open-source options and, while they work, it isn't the same as having commercial support. SIEM is the second-most useful feature.

How has it helped my organization?

We've been able to professionally generate alerts for IDS, SIEM and vulnerabilities where we didn't have those capabilities before.

What needs improvement?

Reporting still needs a lot of work, especially on the vulnerability side. Vulnerability management UI could be improved as well. Vulnerability reports are clunky and difficult to manage. The layout is not really professional or intuitive and...
Consultant
Sr SIEM Consultant at a tech services company with 51-200 employees
Jan 29 2018

What is most valuable?

* Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each...

How has it helped my organization?

As a Professional Services consultant, I have heard many reports of how QRadar SIEM

What needs improvement?

Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules.
Micro Focus
Real User
Network Security Administrator at a government with 1,001-5,000 employees
Jan 25 2017

What is most valuable?

The ESM's interface is really comprehensive. While the ArcSight console is really heavy, and I tend to dislike Java-based Windows GUIs, it's feature-rich and provides a seamless way to move between analyzing events and creating content.

How has it helped my organization?

The ability to correlate such a diverse range of information into a single location is invaluable.

What needs improvement?

SmartConnectors should be resilient, since they ingest directly from sources (often sources that I have no control over). But they're not resilient. The slightest change in the format of an event can cause SmartConnectors to stop working...
Micro Focus
Real User
Security/Service Engineer at a comms service provider with 10,001+ employees
Nov 15 2017

What is most valuable?

Anomaly dashboards, search/filters features. The anomaly dashboard provides the possibility to find 0-day attacks. This feature is built based on the second-search/filters. It's great and very useful, because I would first find out if search/filter...

How has it helped my organization?

For example, from version 7.1 the company where I worked started using anomaly dashboards. It is very convenient, because the SOC could and can react to possible attacks, which are not seen in alerts made by rules. As I said before, anomaly...

What needs improvement?

I would prefer to extend the dashboards part and their functions in the Web GUI version, so the charts could be configurable.
Real User
Information Security Analyst at a tech services company with 501-1,000 employees
Jul 04 2016

What do you think of McAfee Enterprise Security Manager (McAfee ESM)?

Valuable Features

The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use.

Improvements to My Organization

It's easy to create reports for compliance and for detecting different kinds of attacks and breaches through correlations. This makes the client devices more secure.

Room for Improvement

The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use.

Use of Solution

I've used it for two-and-a-half years.

Deployment Issues

The disk space sizing is very hard and when the version was updated to 9.4 the space needed to store events was cut by half, making it harder to explain to clients who now needed...
Splunk
Real User
Foundation Technology Specialist at an insurance company with 1,001-5,000 employees
May 26 2017

What is most valuable?

The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature.

How has it helped my organization?

MTTR is drastically reduced, because the developers and other IT support staff have instant access to log events. People costs are saved by not having to involve the domain developers from multiple teams, when tracing a problem that spans...

What needs improvement?

Official training, even CBT, is expensive so not many people are able to get certified. This leads/causes the users to make use of the most basic functionality only. It is a challenge to manage the environment in such a way, that one’s log,...
