While this isn't absolute, there exist numerous opportunities to customize ES / Splunk to support custom workflows and enrichment. The value for us in Splunk is the ease of extensibility.

One important drawback of this product is the vendor support: some technicians don't actually check the issue in detail and simply ask us to upgrade the product, and the response time is also not that good. Also, the conventional user interface is not really attractive, but there is an app called Analyst Workflow, and with that it is also sorted. The conventional dashboards are not attractive; however, the new Pulse Dashboard gives great visibility. We can also integrate several third-party apps, which is also an additional advantage. Processing capabilities in QRadar are really strong, and the CRE works without any issues.

Integration of log sources with QRadar is really easy, and the current versions have the DSM editor feature, which makes it easy for us to write a custom parser. Integration of Flows in addition to the events makes it unique from other SIEM solutions. First of all, the deployment of the solution is quite easy compared with other SIEM solutions. QRadar is one of the best SIEM solutions I have ever worked with.