Gurucul's data enrichment could be improved. As a security professional, I want to consolidate all these log sources and data to the user, entity, or resource. More advancements are required, especially in enriching security data or attack response. I would like to see more improvements there. The documentation could also be better. Every user and resource has a timeline that lists all the events so we can analyze that particular system and what is happening. We would like to have an option where we can only list the confirmed security threat-related activities for a particular user rather than all activities. This way, we can see what kind of risk is reported for this user and be able to monitor them better.
Founder and CEO at Woodside Security Consultants, LLC
Reseller
Top 10
2023-10-04T20:24:00Z
Oct 4, 2023
The user interface could be made simpler. The truth is that there is such a shortage of qualified security professionals that customers who are not paying for world-class SOC services may end up with less trained, less experienced staff looking at the alerts and reports. This can make it difficult for them to tweak the reporting engine to properly identify what they are discovering and report it to the customer. I'm not sure if this is as much a Gurucul issue as it is a problem with the staff using the tool. However, the simpler the interface and the easier it is to perform basic functions, the better. I don't think this is something that is ever truly complete. The whole purpose of product improvements and constant iteration and development is to address these kinds of issues.
Gurucul Next Gen SIEM is used for threat detection and response, leveraging machine learning to identify anomalies and breaches. It provides advanced analytics, security event investigation, and compliance management.
Organizations use Gurucul Next Gen SIEM primarily for its robust capabilities in threat detection and response. Its machine learning algorithms effectively identify anomalies and potential breaches, making it a key tool for preventing insider threats. The platform features...