
Splunk enterprise vs splunk enterprise security
"It's very easy for anyone to work with."

"The solution is easy to use and user-friendly."

"The most valuable feature is the anomaly-reporting alarms."

"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. Devo is pulling back information in a fast fashion, based on real-time events. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. You'd have a backlog of processing the logs as it was ingesting them."

"The real-time analytics of security-related data are super. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. You don't need a lot of training, because the UI is relatively very intuitive."

"The most valuable feature is definitely the ability that Devo has to ingest data. You can easily get a report combining your data, along with calculations and graphical dashboards. The table can be as big as you want it, depending on your use case. The UI has a graphical interface with the raw data in a table. It's very appealing in terms of the user interface. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."

"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. And I can do that by creating entity-based queries."

"As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."

"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."

"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. That's one reason that having 400 days of live data is pretty huge. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. In the past, our operational norm was to keep live data for only 30 days. And they can not only do so from a security point of view, but even for operational use cases. The UI is very clean."

"Those 400 days of hot data mean that people can look for trends and at what happened in the past. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. With this kind of platform, you have that information in real-time."

"The user interface is really modern."

"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches."

Splunk Enterprise vs FortiAnalyzer: What are the differences?

What is Splunk Enterprise? Splunk Enterprise delivers massive scale and speed to give you the real-time insights needed to boost productivity, security, profitability and competitiveness. Splunk Enterprise is the easiest way to aggregate, analyze, and get answers from your machine data.

What is FortiAnalyzer? Analytics-Powered Security and Log Management. It offers centralized network security logging and reporting for the Fortinet Security Fabric. Functions such as viewing/filtering individual event logs, generating security reports, alerting based on behaviors, and investigating activity via drill-downs are all key features of FortiAnalyzer.

Splunk Enterprise can be classified as a tool in the "Log Management" category, while FortiAnalyzer is grouped under "Security".