Hacker News
by jumiejums 1875 days ago
We inherited them a while back. We also just started the decom process. I would say that all in, it's just a glorified ELK stack (the advanced search is a Kibana frontend). They tout their advanced AI/ML/Maths/etc. that is supposed to be the golden ticket to all things security. It is not that at all. We tried and tried to get it to a useful state, even with the help of their engineers, and the tool just couldn't get anything that we didn't already have from our other sources (FW, endpoint, etc.). You can't ingest from other sources so it's not really a SIEM even if they tell you they can. You can't do TLS intercept so you get to rely on IP reputation only. You can't use the dashboard "developed by video game designer" because it's so dang heavy and the graphics come before functionality. I guess I will stop my rant there as it's a bit all over the place. TLDR; not a good tool for what you are paying for (or maybe at all). It is perfect for checking a compliance box though, so there is that?
1 comments

I looked through their staff online and there was no one that had any suggestion that they could create a technical breakthrough, especially in a mathematical area. I fully admit I might not have done my DD properly.