ManageEngine’s SIEM portfolio consists of its core ManageEngine Log360 SIEM offering and several modules that can integrate with it to extend its value proposition — particularly for Microsoft and cloud environments — and are capable of addressing security as well as IT operations use cases. These include ManageEngine EventLog Analyzer (central log management), ManageEngine ADAudit Plus (Active Directory change auditing and reporting), ManageEngine Cloud Security Plus (CLM and SIEM for AWS and Azure), ManageEngine O365 Manager Plus (Office 365 security and compliance) and ManageEngine Exchange Reporter Plus (Exchange Server change audits and reporting).
ManageEngine Log360: a web-based cloud-hosted service
ManageEngine Log360 is available for on-premises deployments as software for physical or virtual systems, with perpetual or term licensing, and pricing is based on the number of assets in scope. Individual components are licensed based on the volume of assets (which vary depending on the specific component). A notable outlier is ManageEngine Log360 Cloud, which is only offered as a web-based cloud-hosted service, available as a subscription with pricing based on the number of cloud accounts in scope, with upsell pricing for additional AWS S3 buckets.
ManageEngine Log360 has been at version 5.0 since August 2017, with the latest update in April 2018 offering deeper integration with ManageEngine Exchange Reporter Plus. Other notable enhancements this year include the update to ADAudit Plus 5.1 to support Azure Audit data, and EventLog Analyzer version 11.12 with column integrity monitoring to support GDPR.
Midsize organizations with Windows-centric and AWS/Azure environments that want to address IT operations and basic threat detection use cases should consider ManageEngine.
Strengths
• The vendor’s focus is on cloud environments, with native and seamless integration with several IaaS/PaaS offerings (e.g., AWS and Azure), as well as some SaaS cloud applications (e.g., Salesforce).
• There is a focus on Microsoft environments with native and seamless integration with Windows infrastructures. Autodiscovery features for Windows systems and Microsoft SQL/IIS devices allow for faster deployment in Windows-centric environments.
• The ability to capture information is strong: a variety of capture methods are supported, as is automatic parsing of fields from new data sources. Native monitoring of hypervisor activities, specifically, is well supported.
• Comprehensive out-of-the-box content is offered, with 700 parsers, 200 correlation rules, 2,000 dashboards and prebuilt reports for compliance requirements (e.g., GDPR, PCI-DSS, HIPAA, FISMA, ISO27001).
Should you require more details about the above-mentioned products, please do not hesitate to contact us.
Source: Gartner report 2018: Magic Quadrant for Security Information and Event Management