Security Information and Event Management (SIEM) Reviews and Ratings

What is Security Information and Event Management (SIEM)?

SIEM aggregates the event data that is produced by monitoring, assessment, detection and response solutions deployed across application, network, endpoint and cloud environments. Capabilities include threat detection, through correlation and user and entity behavior analytics (UEBA), and response integrations commonly managed through security orchestration, automation and response (SOAR). Security reporting and continuously updated threat content through threat intelligence platform (TIP) functionality are also common integrations. Although SIEM is primarily deployed as a cloud-based service, it may support on-premises deployment.

Products In Security Information and Event Management (SIEM) Category

"SIEM- Data Collection For Multiple Event Logs"

Splunk, it provides integration and visibility across the various tools in place, and it is widely recognized as a powerful and versatile tool for collecting, Analyzing, and visualizing large amount of data. Splunk enterprises is all in one tool for automation and log analysis, and it will perform real time analysis and reporting, and provide wide range of customization and integration Splunk the security features such as access control and data encryption helps in securing sensitive data. Splunk can also be a powerful tool for identifying patterns and anomalies in the data which can be particularly useful for security and IT operations use cases. Splunk is an user friendly interface, real time monitoring, analytics, scalability and a vibrant user community, and it is trustworthy and web-based management solution that anyone with computer skills can use to navigate in real time.

Read reviews

"Easily the best SIEM in the market"

My experience with LogRhythm has been nothing short of amazing. I know that time and time again their team will step up to the plate, and provide the best possible service and relationship they can to me. The price is legitimately 50%+ less than most and it provides more OOTB than any SIEM I have tried before. I have used most of the major SIEMs within the market and so many have turned into black boxes in which you have almost zero control of rules / parsing and other configurations that a mature business should be looking out for. This creates an expensive catch-all scenario in which you're stuck with the bill, and rules that are too broad. LogRhythms open type architecture has allow me to create flexible rules, stay up to date against threats and also reduce down my log ingestion an incredible amount which in turns saves me money.

Read reviews

"I would highly recommend QRadar for a SIEM!"

QRadar has proven to be a consistently reliable Security Information and Event Management tool for our organization. It is literally the heart of our Security Operations Center and we have utilized since a day one of our inception.

Read reviews

"Trellix Security Manager keeps us all safe"

I could not be happier. We needed a way to protect against malicious IT programs and increase our IT security. We use a lot of private information for work.

Read reviews

"Powerful and Scalable SIEM for improving security posture in my organisation."

Splunk ES is a very robust and powerful security and event management SIEM platform that is designed to help organisations detect, investigate, and respond to security threats. It provides real-time threats detection. It provides real-time monitoring and detection of security threats across all our data sources in our organisation. This allows our security teams to quickly identify and respond to potential security incidents. I've seen a great improvement on our security posture over the time we've been using this tool.

Read reviews

"Easy to use, powerful configuration and reporting possibilities "

After years of search of a good SIEM and testing some ones, we found LogPoint as a SIEM that our requirements fullfill.

Read reviews

"Securonix Next-Gen SIEM Product review "

This SIEM is providing a easy to access and understable GUI for single pane of glass monitoring, outstanding.It provide centralized log management, collecting and coorelating security event data from various sources across your IT infrastructure. This unifies view of logs can assist in detecting patterns, identifying security incidents and conducting forensic investigations.

Read reviews

"Elastic as a SIEM"

Elastic has been an outstanding as a SIEM software for our company. The product is being updated constantly with new functionality, especially the EDR, security, and ingest/shipping solutions. Elastic has been responsive and flexible with us through the entire process.

Read reviews

"Rapid7 IDR delivers on turn key cloud based SIEM"

I get what I expect to get, ,within the time I expect to get it. The product was well explained, simple to implement and does what they say it will

Read reviews

"Review of SolarWinds Security Event Manager "

SolarWinds Security Event Manager is great tool to check the logs which is made on the Critical server in our environment.

Read reviews

"Excellent deployment experience and great modern cloud native SIEM"

We purchased the latest Exabeam Fusion cloud native SIEM, and ran a deployment PS engagement with the Exabeam team during the start of 2023. The deployment team were excellent, guiding us through the setup procedures for onboarding logs and initiating the analytics engine. This new platform is in active constant development, so we're constantly seeing new features come live into our view, and whilst there has been some issues occur from time to time, we are supported by an excellent account management team and technical support team to help solve any problems. We are looking forward to the future with Exabeam, at the forefront of SIEM and Analytics.

Read reviews

"A SIEM solution with all necessary supportive modules like SOAR, MITRE "

Situation awareness based Realtime correlation taking our security to next level

Read reviews

"360* IT Audit"

ADAudit Plus provide full visibility of your authentications

Read reviews

"Cost-effective, secure, scalable and managed data analytics and visualizations platform."

Splunk Cloud according to my user experience it has been very helpful and great tool that is very scalable and user friendly. It allows us to scale our deployment easily. Whether its to increase or decrease our data ingestion rates, storage capacity, or computing power, Splunk Cloud can accommodate our growing needs. It provides the flexibility to handle varying workloads without the hassle of managing and provisioning hardware resources. This tool reduce infrastructure management. It takes care of the hardware, software updates, security patches, and system maintenance allowing us to focus on analyzing our data and extracting insights.

Read reviews

"Excellent value, easy to use central log management"

excellent product wirh internal deployment for log parsing and pipeline

Read reviews

"FortiSIEM Tool Review"

We were looking for a product to detect threats at organisational level in real time. That is when we came across ForiSIEM. The product is really ideal for real time infra and user awareness on account of threats. Further, it provides visibility and remediation at a scable level. Would highly recommend this product if security is a key concern to organisations.

Read reviews

"Unified Security Management with capability to most of security needs"

It is Unified Security Management Anywhere providing many features Threat detection, Incident response, compliance management, vulnerability assessment, asset discovery, file integrity monitoring

Read reviews

"Excellent SIEM tools"

it is easy to use and best SIEM tools. i am using eventlog analyzer last 2.5 year. dashboard is easy to explain to auditor and good tools to capture every event and incident logs.

Read reviews

"This platform facilitates efficient investigation and response. "

We're using this product for almost 3 years now, i can say it works pretty well in our environment. though the interface and overall experience might not be as intuitive or user friendly as some other cybersecurity tools on the market but this platform with wide range of features requires a learning curve for users who are not familiar with its capabilities.

Read reviews

"Sumo Logic - Best SIEM on the Market"

We've used Sumo Logic (both CIP and CSE) for security operations and observability for the last three years. I am continuously impressed by the new capabilities they are adding, including most recently some additions in the UEBA space. They say the "voice of the customer" drives their platform's development, and I can say that is wholeheartedly true. They have a powerful correlation engine that generates the level of visibility we're looking for without being too noisy or too quiet. Other platforms seem to rely too heavily on raw log data or on UEBA/user context, but Sumo Logic is able to leverage the two *together* in a powerful way. Security admins can generate insights on pretty much anything they want--whether that's a sequence of events that are suspicious when considered in combination, when a user deviates from their normal baseline (UEBA), or just a traditional match rule to generate an alert every time a certain event occurs. Many SIEM tools don't have this level of flexibility and are either strictly event-focused or strictly UEBA-focused. Moreover, CIP makes it incredibly easy to search and aggregate historical logs to get the data we need to make decisions. Log parsing and onboarding, historically a challenge with other vendors, is a breeze with Sumo due to all the parsers they create and maintain. As a SaaS platform, the tech debt to maintain it is very low & it's always been highly performant in our experience.

Read reviews
Products 1 - 20

Frequently Asked Questions

helpWhat does a Security Information and Event Management (SIEM) tool do?

A SIEM tool is used by security and risk management leaders to support the needs of attack detection, investigation, response, and compliance solutions by:

  • Collecting security event logs and telemetry in real-time for threat detection and compliance use cases.

  • Analyzing telemetry in real-time and over time to detect attacks and other activities of interest.

  • Investigating incidents to determine their potential severity and impact on a business.

  • Producing reports on these activities.

  • Storing relevant events and logs.

helpWhat are the core functions of SIEM technologies?

SIEM technologies provide core SIM (Security Information Management) and SEM (Security Event Management) functions, along with a variety of advanced features and complementary solutions and capabilities. Some examples of core functions are:

  • Data aggregation: Collect security event logs and telemetry in real-time for threat detection and compliance use cases.

  • Real-time analysis of events for security monitoring, advanced analysis of user and entity behaviors, querying, and long-range analytics for historical analysis.

  • Support for incident investigation and management.

  • Reporting (for example, for compliance requirements).

helpHow does SIEM technology work?

SIEM technology collects and analyzes event logs produced by networks, devices, systems, and applications. The primary data source has been time-series-based log data, but there are also advanced SIEM solutions that monitor logs in real-time and use other types of data (e.g Active Directory [AD], configuration management database [CMDB], vulnerability management data, HR information, and threat intelligence) to add context about users, IT assets, data, applications, threats, and vulnerabilities.

helpWhat are SIEM alternatives?

The cost of purchasing and deploying SIEM products has led organizations to explore other security analytics technologies and alternative approaches to detect and respond to attacks. These alternatives include:

  • Event collection and analytics platforms: Event collection and analytics products can offer both SIEM and nonsecurity use cases, while they may also provide easier cost allocation methods. Full capabilities of a SIEM product may not be available though.

  • Extended detection and response products: Extended detection and response platforms offer automated hands-off capabilities within the products to organizations who are willing to commit to vendor-defined and vendor-managed threat detection and response solutions.

  • Managed detection and response services: Providers of managed detection and response services investigate, validate, and respond to security events, rather than escalate them to the customers.

helpWhat do Peer Insights reviewers recommend to implement SIEM solutions?

Peer Insights reviewers share their experiences with implementing SIEM solutions and highlight what advice they would give to other prospective customers. Below are some of the top recommendations:

  • Conduct a requirements analysis for a SIEM Solution and obtain executive sponsorship.

  • Analyze use cases and licenses based on SIEM requirements and evaluate multiple vendors via exhaustive POCs.

  • Structure the organization’s data and create a SIEM architecture before integration.

  • Augment the implementation by soliciting vendor assistance, and dedicate internal teams to drive adoption.

  • Cultivate SIEM skills by investing in training sessions for end-users.