Favourite SIEM


ZedSec

On 11/9/2022 at 12:24 AM, lost-troll said:

Securonix is my latest and I'm not sold on it yet.  I don't really trust it, I feel like something is always broken, but it's never the same thing twice.

You’re the first one I see mention “the Gartner leader”.

Securonix has been painful for my organization. You’re right. Something is always broken, and don’t get me started on their detection policy logic. Their policies are riddled with typos and poor logic. Data parsing issues, ingestion issues… it’s just a mess. I feel like it has potential, but it is nowhere near the level it sells people on.

I’ve worked with QRadar, InsightIDR, Sumo Logic, and Securonix. Sumo is pretty great depending on your organization size. InsightIDR wasn’t bad if you subscribe to the Rapid7 agent model (but my experience was a small org with that one).

3 hours ago, CyberValken said:

You’re the first one I see mention “the Gartner leader”.

Securonix has been painful for my organization. You’re right. Something is always broken, and don’t get me started on their detection policy logic. Their policies are riddled with typos and poor logic. Data parsing issues, ingestion issues… it’s just a mess. I feel like it has potential, but it is nowhere near the level it sells people on.

I’ve worked with QRadar, InsightIDR, Sumo Logic, and Securonix. Sumo is pretty great depending on your organization size. InsightIDR wasn’t bad if you subscribe to the Rapid7 agent model (but my experience was a small org with that one).

I am in 100% agreement! Securonix is ALWAYS broken. I have used them for 3 years and it has gotten worse. We are in the process of migrating to Sentinel and are loving the stability. Not to mention the SOAR capabilities with Logic Apps are great.

I've used QRadar, Splunk, Splunk ES, Sentinel, ELK, Securonix and Exabeam (though I put them in their own UEBA SIEM bucket).

  • I love ELK because of the speed and scalability that doesn't cost the GDP of a small nation (I'm looking at you, Splunk). KQL is easy to learn and teach others, and Kibana makes it easy to create dashboards.
  • QRadar is solid but is kinda the old guy on the block, with nothing that stands out.
  • Exabeam is neat but has some growing pains to overcome with scaling out for large customers.
  • Securonix didn't get past PoC in our shop. It was awful.
  • Splunk was cool but isn't keeping up with the field in regards to tech (the Snowflake/Cribl/Tines stack works much better in my experience than the Splunk ES, Phantom, DSP stack).
  • Hunters.ai is the new hotness, but I haven't gotten enough stick time with it to make a judgment call around it yet.
  • Sentinel is awesome minus the ridiculously murky costs once you start integrating all the things into it. Don't even think about exporting out unless you want to pay out the nose. Our Azure AD non-interactive audit logs were going to cost 30K a WEEK to store and analyze in Sentinel.
Edited by synackbar
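The Sentinel cost point above is the kind of surprise you can head off before onboarding a noisy source. This is an added KQL example, not something posted in the thread: it reads the workspace's built-in `Usage` table (where `Quantity` is reported in MB and `IsBillable` flags chargeable data) to rank tables by billable ingestion over the last 30 days and project a weekly cost. The `pricePerGB` value is an assumption for illustration, not a real rate; substitute your contracted per-GB price. The commented filter shows how to isolate a single table such as `AADNonInteractiveUserSignInLogs` to check a specific source.

```kql
// Added example: rank billable ingestion per table and project weekly cost.
// ASSUMPTION: pricePerGB is illustrative only; use your own contracted rate.
let pricePerGB = 2.5;
Usage
| where TimeGenerated > ago(30d)
| where IsBillable == true
// | where DataType == "AADNonInteractiveUserSignInLogs"   // uncomment to check one source
| summarize IngestedGB = round(sum(Quantity) / 1024, 2) by DataType
| extend EstWeeklyCost = round(IngestedGB / 30 * 7 * pricePerGB, 2)
| order by IngestedGB desc
```

Run this in the workspace's Logs blade before connecting a new data connector, and again a week after, so the per-table delta is visible before the invoice is.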

On 11/11/2022 at 10:07 PM, fosec said:

I am in 100% agreement! Securonix is ALWAYS broken. I have used them for 3 years and it has gotten worse. We are in the process of migrating to Sentinel and are loving the stability. Not to mention the SOAR capabilities with LogicApps is great. 

Are you using on-prem or their hosted with Securonix?
