Core Security Event Manager consolidates and normalizes data sources to give events context and to separate true threats from benign activity. The platform funnels data from numerous applications into one central location, reducing the workload on security teams and ensuring they receive only high-priority alerts.
Event Manager's flexibility makes adding customized data easy and virtually limitless. To ingest log data, select the log type; Event Manager then parses the data according to that type and begins monitoring it. This customization capability adds considerable value for organizations that need to monitor in-house applications with their own log formats.
With a built-in health check, the monitoring capabilities of this SIEM extend to the system itself. Any Event Manager performance issue triggers an alert, so, provided the alert delivery path itself is working, security teams can treat silence as a sign that the SIEM is healthy. Event Manager also configures, stacks and classifies rules and notifications with ease. Subscribers may choose from several customizable, pre-built data streams and types, each with applicable security rules, to reduce alert fatigue and help security teams quickly filter for meaningful information.
We like the single-pane view of the dashboards and their ability to create user-controllable, real-time views. This feature adds a lot of value because it gives quick access to detailed information and makes the user experience feel intuitive. Views can be created on almost anything, with extensive sorting and filtering and built-in regulatory views that can be shared. One item that frustrated us, however, was the apparent inability to drill down into each individual data point on a view.
The rules and threat feeds generate findings automatically, allowing quick identification of three tiers: incidents, threats and highlights. Incidents are considered malicious and therefore require immediate investigation and response. Threats are potentially malicious; the SIEM scores them and pushes them to security teams for triage and possible further remediation. Highlights are low-priority items that security teams should be aware of but may not need to act on.
Event Analysis has many valuable filtering capabilities that streamline the investigation process. Event Analysis can extend a search to include other events that occurred around the same time as the event in question, surfacing correlations and quickly chaining them into the investigation. We noticed the investigation chain is not as graphically impressive as those in other tools, but the look has little impact on usability, and the filtering and event drill-down functionality more than make up for the dated aesthetic. One feature we believe Event Analysis lacks is the ability to drill down into individual data points on a chart, although hovering over each data point does yield some information.
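The tiering and time-window pivoting described above are generic SIEM behaviours, so here is an added example of both in plain Python. It is not code from Core Security or from the review; the `Event` record, the score thresholds (80 for incident, 40 for threat), the pivot window and the sample events are all assumptions constructed for illustration. `pivot` returns the events that fall within a window around an anchor event, and `chain` follows those pivots transitively to build an investigation chain the way the review describes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    id: int
    ts: datetime
    source: str
    message: str
    score: int  # 0-100 score from a rule or threat feed (assumed scale)


T0 = datetime(2024, 1, 1, 12, 0, 0)

# Constructed sample events for illustration; not telemetry from any real system.
EVENTS = [
    Event(1, T0, "firewall", "deny 203.0.113.5 -> 10.0.0.7:445", 20),
    Event(2, T0 + timedelta(seconds=30), "auth", "failed login admin from 203.0.113.5", 45),
    Event(3, T0 + timedelta(seconds=70), "auth", "successful login admin from 203.0.113.5", 85),
    Event(4, T0 + timedelta(seconds=170), "endpoint", "new service installed on 10.0.0.7", 60),
    Event(5, T0 + timedelta(minutes=30), "dns", "lookup example.test from 10.0.0.7", 5),
]


def tier(event: Event, incident_at: int = 80, threat_at: int = 40) -> str:
    """Map a score to the review's three tiers; thresholds are assumed values."""
    if event.score >= incident_at:
        return "incident"
    if event.score >= threat_at:
        return "threat"
    return "highlight"


def pivot(events, anchor_id, window_seconds=120):
    """Return the other events within +/- window_seconds of the anchor, oldest first."""
    anchor = next(e for e in events if e.id == anchor_id)
    lo = anchor.ts - timedelta(seconds=window_seconds)
    hi = anchor.ts + timedelta(seconds=window_seconds)
    nearby = (e for e in events if e.id != anchor_id and lo <= e.ts <= hi)
    return sorted(nearby, key=lambda e: e.ts)


def chain(events, anchor_id, window_seconds=60, max_hops=3):
    """Follow time-window pivots transitively from the anchor, returning sorted event ids.

    Each hop pivots around every event found in the previous hop, so a narrow
    window can still reach events that are far from the anchor but close to
    an intermediate event.
    """
    seen = {anchor_id}
    frontier = [anchor_id]
    for _ in range(max_hops):
        discovered = []
        for eid in frontier:
            for e in pivot(events, eid, window_seconds):
                if e.id not in seen:
                    seen.add(e.id)
                    discovered.append(e.id)
        if not discovered:
            break
        frontier = discovered
    return sorted(seen)


if __name__ == "__main__":
    for e in EVENTS:
        print(f"{e.id} {tier(e):9} {e.source:9} {e.message}")
    print("pivot on 3, 120s window:", [e.id for e in pivot(EVENTS, 3)])
    print("chain from 3, 60s window:", chain(EVENTS, 3))
    print("chain from 3, 120s window:", chain(EVENTS, 3, window_seconds=120))
```

With the 60-second window the chain from the successful login reaches the failed login and then, through it, the earlier firewall deny, but not the service installation three minutes later; widening the window to 120 seconds pulls that event in directly. The window width is therefore a triage decision, not just a display setting.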
Overall, Event Manager is cost-effective and easy to use, which makes it a particularly attractive solution for organizations that have never run a SIEM. It ships with a large amount of built-in intelligence and automated alerting, so security teams of any size can operate it with confidence.
Pricing starts at $9,000 for an annual license subscription and includes 24/7 phone, email and website support. A perpetual license option is also available, with support purchased at 20 percent of the license fee. Customers also have access to a knowledge base and an FAQ list.
Tested by: Matthew Hreben