We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Log aggregation and data connectors are the most valuable features."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Stable solution with good customer service support."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"I really like the correlation part and the way the logs are correlated. I have never faced issues with parsing in this product. I like the way it parses, and everything is so clear to me."
"We do consulting and I get feedback from our clients that the product really helped them with compliance, especially with GDPR."
"The most valuable features of ArcSight ESM are the dashboards, ease of management for anyone, and simple for teams to provide reports related to cyber security. There are a lot of good features that are provided."
"The real-time analysis adds value."
"The stability of ArcSight Enterprise Security Manager is good."
"The most useful features are directories, price, and live reporting."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"I rate Rapid7 nine out of 10 for affordability"
"Simple configuration and automatically syncs to the cloud platform."
"It improved my organization by building a security alerting program."
"The alerting to drive investigations and remediation has been its most valuable feature."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"Very intuitive and easy to set up."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"One key area that can be improved is by building a strong integration with our XDR platform."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Micro Focus does not have a physical presence here in Pakistan, although IBM does."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"The tool should improve its UI. It also should make data more searchable."
"The roadmap is not clear."
"Sometimes, it takes ages to get an issue resolved. I have ArcSight experience, so I normally try to fix things on my own or find a workaround, but it's tough to get support when I need it."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"The main problem lies in the processes within the client's operating systems."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"Inability to get access to compliance reports within the solution."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Rapid7 InsightIDR is rated 8.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM and IBM Security QRadar, whereas Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity. See our ArcSight Enterprise Security Manager (ESM) vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.