Director of Solutions and Alliances at a tech services company with 1-10 employees
Offers unconventional detection rules and native integration features
Pros and Cons
- "The solution provides satisfying native integration features"
- "The searching feature in Rapid7 InsightIDR needs to evolve"
What is our primary use case?
Our company is a system integrator for Rapid7 InsightIDR. We use the latest SaaS version of the product. Rapid7 InsightIDR works as the foundation of the security operation center in our company. The solution is used in our organization for data ingesting for multiple security devices and solutions. Rapid7 InsightIDR provides insights and stability on the security aspects of the company.
What is most valuable?
The unconventional detection rules of Rapid7 InsightIDR are quite beneficial. The solution provides satisfying native integration features.
What needs improvement?
The searching feature in Rapid7 InsightIDR needs to evolve. For instance, when pursuing an incident handling task, extensive searching is required, and the solution's own query language can only be used. In situations similar to the aforementioned example, the solution becomes difficult to use. It would be interesting if the vendor could make the search feature like the Google search engine.
For how long have I used the solution?
I have been working with Rapid7 InsightIDR for three years.
Buyer's Guide
Rapid7 InsightIDR
October 2024
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
Overall, the solution is stable enough. I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
The product's scalability seems good enough. In our company, we are able to manage a couple of thousand devices comfortably using only one single tenant.
Through our company, thousands of users are using the interface of Rapid7 InsightIDR to process data and check incidents. I have implemented data ingestion for a couple of thousand devices that include virtual machines, switches, routers and firewalls.
For all the aforementioned devices we haven't faced any issues in our company. Rapid7 InsightIDR is used in our company, majorly for medium and enterprise grade customers, where some enterprises have more than 5000 employees and some less than that.
How are customer service and support?
Our company mostly receives fast and suitable support from Rapid7 InsightIDR, but sometimes the response arrives quite slowly. I would rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
I would rate the initial setup a nine out of ten. It's quite straightforward to put the solution to work. Once Rapid7 InsightIDR activates the tenant, the deployment process becomes straightforward. In our company, we just download the agents and install them in the customers' virtual machines.
Following the aforementioned step, some integration with Azure Entra ID authentication services or on-prem authentication is required. Thus, some base integration is required for login data. For the final stage of deployment, as part of the company, we configure a couple of customizations for the detection rules to start ingesting data; the niche customizations can be performed easily for the use cases.
In our company we have an engineering deployment team who are highly skilled in setup processes. For client companies with less than 500 devices, usually one full-time engineer is enough for the deployment. For clients with 500 devices, when we at our company use automation to deploy the agents, it takes only a couple of days to finish the deployment process.
What's my experience with pricing, setup cost, and licensing?
The solution has a mid-range price point in the market. The licensing cost depends on the customer size and the negotiation on whether to add IVM. There are multiple add-ons to the base licensing fee; we use them only for specific customers of our organization. The additional licenses increase the pricing drastically, so we try to stick with the base license at our company.
What other advice do I have?
At our company, along with Rapid7 InsightIDR we use multiple cloud providers like Azure, Google, Oracle and AWS infrastructure to ingest data.
I would advise others to select a reliable system integrator to implement Rapid7 InsightIDR for the correct use cases or business needs. The solution is satisfying, but there are multiple other solutions in the market, and having a partner can help a customer explore all the options before adopting one. Overall, I would rate Rapid7 InsightIDR an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Last updated: May 29, 2024
Marketing Expert at a comms service provider with 51-200 employees
A cost-effective and stable solution but lacks an AI-driven capability
Pros and Cons
- "It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."
What needs improvement?
The solution lacks an AI-driven capability, while other competitors emphasize AI as the most important feature.
For how long have I used the solution?
I have been using Rapid7 InsightIDR as a distributor for seven years.
What do I think about the stability of the solution?
The product's stability is high. I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
Due to its cloud-based nature and numerous agents, its scalability is high. This, combined with its on-premise environment, ensures rapid performance. It can handle several thousand. It is best suited for large-scale businesses.
How are customer service and support?
Support is slow. I'm not satisfied with the support so far.
How would you rate customer service and support?
Neutral
How was the initial setup?
Due to the product's complexity, the initial setup can be challenging. Additionally, setting up the product and training the customer can be quite demanding. Deploying the appliance or sensor on-premises can take up to twelve months.
What's my experience with pricing, setup cost, and licensing?
The product pricing is very cheap.
What other advice do I have?
InsightIDR automates everything through InsightConnect in a seven-day cycle.
The product has improved significantly since its inception. However, based on feedback I've received from other products in the market, aside from InsightIDR.
It improved because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively.
If you combine it with InsightIDR, then it may become more compact. Maybe IBM was a bit larger. So, having MDR is the main key point for this product.
Overall, I rate the solution a four out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Jun 3, 2024
Director of Technology at a tech vendor with 11-50 employees
Offers capabilities in areas like threat intelligence and vulnerability management but needs to improve support
Pros and Cons
- "Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
- "It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
What is most valuable?
The most valuable feature of the product for managing security events stems from the fact that the product's intelligence part is very good since it offers its own threat intelligence and vulnerability management platform. The tool also has its own cloud security posture management platform. The tool also is a dynamic application security testing platform. The aforementioned tools fall under Rapid7 InsightIDR's kitty. The intelligence and the data that Rapid7 gathers from customers across the globe enrich the quality of its detection capabilities. All other tools in the market depend on third-party solutions for intelligence. Rapid7 InsightIDR has the intelligence part natively available within the product, giving it a good edge over other vendors.
What needs improvement?
I believe that Rapid7 InsightIDR has moved to a complete cloud-first strategy. The tools offered by Rapid7 InsightIDR are amazing. The product should have provided some capabilities to users who wanted to stay or use the tool's on-premises version, as it would have provided the solution with more acceptance in the market, especially in the Middle East region.
It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required.
For how long have I used the solution?
I have been using Rapid7 InsightIDR for three to four years.
What do I think about the stability of the solution?
As I haven't heard any complaints about the product, I rate the solution's stability a nine out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable.
The product is meant for medium-sized customers and large enterprises and not for corporate or government organizations since the product is available only on the cloud. Customers who have the privilege of using cloud solutions can use Rapid7 InsightIDR. Cloud solutions' use is less in government spaces in the Middle East region since there are some regulations to use cloud-based products. In the private space, I feel that Rapid7 InsightIDR is considered to be a fairly strong product.
It is difficult for enterprise businesses to use the solution, especially the ones regulated by governments. There are no problems with the solution when it comes to a private company or a private enterprise. I think Rapid7 InsightIDR provides the best tools. The tool won't work for you if you are not allowed to use a public cloud.
How are customer service and support?
I rate the technical support a six to seven out of ten.
How would you rate customer service and support?
Neutral
What other advice do I have?
The tool has improved the efficiency of security incident detection and response in our company as it works fairly well. It is possible to enhance the capabilities of the platform since the solution offers a whole stack or suite of tools. When dealing with Rapid7 InsightIDR, you will see the integration capabilities offered are extremely seamless. Rapid7 InsightIDR offers its own set of features that enrich the capabilities of the vulnerability management tool. In general, the product's features increase the solution's overall capabilities in terms of reporting and detection of vulnerabilities.
I can't remember a scenario where the product was effective in threat hunting or investigation. Rapid7 InsightIDR is a very acceptable product for people who want a cloud-based solution. The product is not available on an on-premises version. The product can be useful for industries ranging from SMBs to large-sized companies where there is a need for a tool that can be very easily rolled out at a very effective and attractive price point that gives them very good coverage from a cybersecurity perspective.
Speaking about how the product has enhanced the security posture in our company, I would say that I am not really sure about the capabilities of the UEBA part of the solution since I haven't seen many use cases around it.
Rapid7 InsightIDR's mean time-to-detect and mean time-to-respond are fairly good because Rapid7's support team does pick up a ticket whenever it is raised from the users' end, but its mean time-to-resolve has some concerns since some of the tools under Rapid7 are available on an on-premises model. Specific to InsightIDR, I think that everything is very good, including areas like detection, MTTD, and MTTR, which are very good in InsightIDR specifically. The product can improve a bit in the area of MTTD and MTTR.
Rapid7 InsightIDR's integration capabilities with other tools are not an area I have experience with since the product is completely available on the cloud. I believe that whatever integrations users want from the product would work since it is a solution that is available on the cloud. I don't have personal experience with the integration part.
I rate the overall tool a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Mar 4, 2024
Security Solution Engineer II at a security firm with 501-1,000 employees
Quick to deploy and helpful in detecting and responding to security incidents before there is a big outage
Pros and Cons
- "The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
- "One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
What is our primary use case?
I used it in my previous company. We were the integrator of the solution, and also a partner of Rapid7 at the time.
We used it for security monitoring and also for analytics. We used it for our own company, and like an MSSP, we sold this to our customers. So, we did security monitoring for our customers and interim response for them.
It was cloud-based, and I was using its latest version.
How has it helped my organization?
Previously, when something happened, such as when a hacker was attacking one of our customers, we were always behind, or we didn't know that we were hacked until the ransomware started. With the Rapid7 solution, at every step, we could see online what a person was doing, and we could prevent ransomware. Previously, we could never say it can be really prevented, but with Rapid7, we could see the first steps of what they were trying to do, and we could mitigate those steps before there is a big outage.
What is most valuable?
The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days.
When something is happening, such as there is hacking or something else going on, the information provided is really helpful. It almost tells you what to do. It is enriched with a lot of information.
What needs improvement?
One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level.
It could have intelligence. It is available as a separate product but not as a part of the platform itself.
What do I think about the stability of the solution?
It is definitely stable. We never have any outages. I would rate it a ten out of ten in terms of stability.
What do I think about the scalability of the solution?
It is definitely scalable. I would rate it a ten out of ten in terms of scalability.
We had six users who were monitoring the systems. There were 10 customers with about 10,000 employees in total.
How are customer service and support?
They are responsive, but there is scope for improvement. I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
It is straightforward. I would rate it a nine out of ten in terms of the ease of setup.
In terms of maintenance, it is all cloud-based. So, the maintenance is done by the vendor.
What was our ROI?
It must be really high, but we never looked at the real numbers.
What's my experience with pricing, setup cost, and licensing?
It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year.
Which other solutions did I evaluate?
We had a list of three products. We tried them all, and in the end, we went for Rapid7 because it was easy to deploy, and it required little or no maintenance. The price was another reason.
What other advice do I have?
One of the biggest reasons why we chose it as our security platform was that it is not only for security monitoring. We could see a lot of improvements coming over the next couple of years. Automation is one of the things that will be really important in the next few years. It is already there, but we didn't buy it.
I would rate it a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Information Security Systems Administrator at a non-tech company with 5,001-10,000 employees
I am able to run automated actions based on the output of reports
Pros and Cons
- "I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
- "The ability to ingest Office 365 log files, then process them into events and display them on a map."
- "The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
- "I feel it would greatly benefit from more supported log sources."
- "The ability to tune the collector for custom logs would greatly help."
What is our primary use case?
Visibility and response.
How has it helped my organization?
I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters.
What is most valuable?
The ability to ingest Office 365 log files, then process them into events and display them on a map. This feature is particularly useful as it allows us to view students who are attempting to bypass our content filters, and it shows us users who have been phished.
What needs improvement?
Personally, I feel it would greatly benefit from more supported log sources. Additionally, the ability to tune the collector for custom logs would greatly help.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
Product is cloud-based. Thus far, it has proven to be stable.
What do I think about the scalability of the solution?
No product scales extremely well
How are customer service and technical support?
The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame.
How was the initial setup?
Initial setup was straightforward.
What about the implementation team?
I had a support engineer sit with me through the whole process over the course of three days. He was a huge help!
What's my experience with pricing, setup cost, and licensing?
This is a great product. The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.
Which other solutions did I evaluate?
We did PoC with a couple of other products. However, Rapid7 InsightIDR was the best product for our needs and budget.
We evaluated LogRhythm and AlienVault. Both were inferior in regards to pricing or performance.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Information Security Officer at PTCI
Dashboards provide critical information at a glance, without hours of coding
Pros and Cons
- "Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that InsightIDR has retained all logs in a secure manner that prevents log tampering as well."
- "InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
- "Another very important part of InsightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
- "I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
What is our primary use case?
I was looking for a behavior analytics solution to help me monitor our users' activity and to notify of any suspicious activity.
InsightIDR was able to meet those needs and even exceed them by providing full SIEM capabilities, even for devices they don’t support directly. Most importantly, I don’t need a team of people dedicated to log collecting and sifting.
How has it helped my organization?
With the full suite of Rapid7 products, I am able to provide effective oversight to the information security program with measurable progress. This is a very difficult thing to measure with the ever-changing threat landscape. Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that InsightIDR has retained all logs in a secure manner that prevents log tampering as well.
What is most valuable?
InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level, which is very important to me as a one-person security department.
Another very important part of InsightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network.
What needs improvement?
I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
I have not encountered any stability issues with the local collector. On the rare occasion that the cloud part of InsightIDR is undergoing maintenance or having other issues, I usually receive a notification from Rapid7 before I even notice a problem.
What do I think about the scalability of the solution?
I have not seen any issues with scalability. On average, InsightIDR is processing about 60 million events per day from my environment.
How are customer service and technical support?
The technical support folks at Rapid7 are a great bunch of folks. I haven’t had much need to contact them, but when I have they have been extremely professional and will escalate issues and suggestions to developers, if needed.
Which solution did I use previously and why did I switch?
I actually purchased the predecessor, InsightUBA, which quickly changed into the InsightIDR that we have today. There was no other previous solution.
How was the initial setup?
Setup was extremely simple. An implementation specialist was assigned to me to help get me started and to learn my environment and challenges.
For the most part, all communications are sent to a log aggregation server. It is as simple as pointing syslogs to that server. For some, such as Active Directory and Exchange, there are plugins that are simple to install on those servers to make sure the appropriate logs are sent.
From InsightIDR, it is as simple as choosing from a list of supported log sources, or you can create a generic log source by specifying a port number. It’s that simple.
What's my experience with pricing, setup cost, and licensing?
Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help.
Which other solutions did I evaluate?
I did not consider any other options in depth. Most other options I saw required one or more full-time employees to maintain.
What other advice do I have?
In the past I have made several requests and have had the opportunity to work with developers and user-interface specialists to add enhancements to the product. The effort that Rapid7 puts into the user interface, after gaining first-hand use-case information directly from us, the end users, is unprecedented. Even when I worked for much larger companies, I did not see so many suggestions turn into reality.
Be sure to take full advantage of the agents. I have not seen any performance problems on the endpoints, and having this level of information from outside the network is difficult otherwise.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Coordinator & Teacher at Pahldata
A stable solution that works well for playbooks and viewing events
Pros and Cons
- "The solution is very stable and works very well for what I need it to do."
- "The main problem lies in the processes within the client's operating systems."
What is our primary use case?
Normally, we use the solution as an event viewer to collect and resume cases and playbooks.
What needs improvement?
The main problem lies in the processes within the client's operating systems. XDR is superior to CMs. Observing how the processes function within the machine is essential if you are monitoring the client or servers, and not only the event with the first or second line but the third line is most important.
For how long have I used the solution?
I've been familiar with the solution for six months.
What do I think about the stability of the solution?
The solution is very stable and works very well for what I need it to do. The solution is completely different in an experienced environment and a real environment.
Which solution did I use previously and why did I switch?
I have worked with Wazuh before, but only to try it. Wazuh is more or less the same as Rapid7 InsightIDR.
What other advice do I have?
I rate Rapid7 InsightIDR an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Manager at a tech vendor with 51-200 employees
Users/endpoints focus gives us more understanding of network events, allowing us to see behavior patterns
Pros and Cons
- "The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
- "The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
What is our primary use case?
Centralized SIEM / Intrusion Detection System.
How has it helped my organization?
The focus on users/endpoints gives us so much more understanding of the events going on across the network, allowing us to step back from looking at logs only to see the actual behavior patterns instead.
What is most valuable?
The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue.
What needs improvement?
The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
We have rarely encountered any issues with stability. The primary source of stability issues has been the couple of times where there have been lost log messages online. While that's unavoidable, it's definitely not desirable if I happen to have an incident at that time.
What do I think about the scalability of the solution?
We haven't had any issues with scalability yet. (We'll keep trying).
How are customer service and technical support?
Technical support for InsightIDR has been fantastic. We've used Rapid7 for over a year now, and, while support calls happen, it's rarely over something simple that's just not working. Normally we call because of something heavily situational, and the techs have always figured it out.
Which solution did I use previously and why did I switch?
A private ELK stack was used originally. We moved off of it as we wanted to ensure that we were focusing on the security of the company, and not writing log parsing rules all day.
How was the initial setup?
The initial setup was pretty straightforward, but it takes a little bit of a mental leap to understand how it all works together. What's key to remember is that it is user and endpoint centric, and not account centric. That means that, over time, it will start associating user.a on host1 to user.a on host2 and treating them as the same. It could be a little confusing for some companies if they don't use standardized permissions or don't use administrative-only accounts, but for most current user-access mechanisms, it shouldn't lead to any abnormal results.
What's my experience with pricing, setup cost, and licensing?
Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement.
Which other solutions did I evaluate?
AlienVault, LogRhythm, Qualys.
What other advice do I have?
Have a plan going forward (Syslog exports, agent-based collection, etc.) and ensure WMI is available if using Windows Servers. It was very easy to set up, but troubleshooting can be "fun" if an endpoint doesn't connect correctly. Don't be shy of support requests. They'd rather you be "that person" that keeps getting support, rather than being the one that ran into an issue and stopped using the product.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.