We performed a comparison between Snare and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The initial setup is very simple and straightforward."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"Snare has good agents, especially for Windows."
"The best thing about Snare is its format and consistency."
"The most valuable feature is the reporting."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
"SolarWinds Security Event Manager has been generally working well."
"The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidence that we trace."
"We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before."
"This tool is simple to use."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"There is no correlation made between log entries, so no threat information is presented."
"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."
"I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."
"It is a very technical program. They can simplify it so that it isn't so hard to deal with."
"We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them."
"Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."
"It can be difficult for users who are inexperienced with the solution."
"We'd like more customization capabilities."
More SolarWinds Security Event Manager Pricing and Cost Advice →
Snare is ranked 37th in Security Information and Event Management (SIEM) with 3 reviews while SolarWinds Security Event Manager is ranked 20th in Security Information and Event Management (SIEM) with 24 reviews. Snare is rated 8.0, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". Snare is most compared with Splunk Enterprise Security, syslog-ng, SolarWinds Kiwi Syslog Server, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM), whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, Wazuh, IBM Security QRadar and Microsoft Defender XDR. See our Snare vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.