Exabeam also has its new Auto Parser Generator (APG) tool, which helps us create/modify parsers to meet our custom requirements. Cloud migration is easier for Exabeam solutions. I did evaluate their cloud solution and they have a lot of new features. We are also moving towards their cloud journey after 3 & 5 successful years with their Data Lake and UEBA solutions. If you are an MSSP or a SOC manager building your new team and focused on improving your MTTD, identifying insider threats, suspicious actors and IT configuration issues, and creating valuable visualizations to present metrics to higher management, then Exabeam is indeed the perfect solution to meet your needs. Exabeam is a great solution when we compare it against the traditional SIEM solutions like Splunk, ArcSight and IBM QRadar, and I have worked on all their products. I have been an Exabeam customer since 2016 and definitely recommend their solution to anyone who is looking for feedback.

The documentation and support for the SIEM product are extensive and easy to find, and without much interaction with LogRhythm support we were able to learn just about any aspect of the highly configurable SIEM. The product has a great community and Slack channel where people share ideas or help each other. The setup, installation, and maintenance of the solution are seamless for our implementation. The time saved from using these modules is invaluable for any new business building their security operations center or in-house monitoring from the ground up; it puts customers ahead of the game by covering the most common use cases, such as those specific to MITRE ATT&CK, which has gained a lot of popularity and is the modern standard. It also came with a vast number of threat event patterns and correlations it could detect out of the box; many of those could easily be tailored to different industries, standards or compliance with the different modules that are built in.

The SIEM supports one of the largest numbers of information systems and logging sources out of the box, which made the transition from deployment to production very quick. They have also worked on providing many ways to increase automation and incident response capabilities by expanding their APIs, integration capabilities and toolsets (LR Tools PowerShell module). The product and its features have continued to evolve over the past 4 years that I've managed it, making it easy for new and veteran analysts to get the information they need in a timely fashion. The LogRhythm SIEM is an extremely well-rounded platform, definitely one of the best on the market when compared to the many other products I've used in the 11 years of my career in information security.

How these categories and markets are defined

Gartner defines the security and information event management (SIEM) market by the customer's need to analyze event data in real time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance. SIEM technology aggregates event data produced by security devices, network infrastructure, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as network telemetry. Event data is combined with contextual information about users, assets, threats and vulnerabilities. The data may be normalized, so that events, data and contextual information from disparate sources can be analyzed for specific purposes, such as network security event monitoring, user activity monitoring and compliance reporting. The technology provides real-time analysis of events for security monitoring, query and long-range analytics for historical analysis.