SIEM reviews from Reddit

Summary

We analyzed 255 Reddit reviews across 14 subreddits and 46 posts to rank the best SIEM brands recommended by redditors, drawn from communities such as r/cybersecurity, r/sysadmin, r/msp, r/AskNetsec, and r/networking. Top-rated brands include Wazuh (4.8/5), Splunk (4.4/5), and Security Onion (4.2/5).

Stats

Reviews: 255
Subreddits: 14
Posts: 46
Brands: 78
Products: 41
#1 Wazuh: 4.8/5 (21 reviews)
"If I was going open source I'd 100% go Wazuh. Spun it up a while back and spent some time working with it and was very impressed."
"Just got Wazuh installed since it's a fork of OSSEC and it works amazing."
"We recommend these top open source SIEM tools 1) Wazuh"
"Look into Wazuh features, I think you will love it when you have no SIEM in place yet. Totally free"
"Wazuh. It's free."
"Wazuh if you got the tech chops for it."
"I'd go for Wazuh for servers instead."
"We are looking to roll out Wazuh across our server infrastructure."
"I have to say it's fairly easy to deploy and maintain IF you read the docs."
"Wazuh! Easy to deploy."

#2 Splunk: 4.4/5 (22 reviews)
"There are lots of free resources to start learning Splunk - start with https://www.splunk.com/en_us/training.html"
"Get an AWS account and configure logging to a Splunk instance whether in an ec2, ecs, or locally. Then look at building some alerts in Splunk and attempt to trigger them. If you don't care for the infra side, look into the Splunk attack range https://github.com/splunk/attack_range."
"I'd only use Splunk or Elastic, because I'm most familiar with them."
"Splunk here. I use a dev license in my homelab, 10GB ingestion a day, and the license lasts 6 months."
"Splunk"
"I use Splunk. Just run the syslog-ng package on pfSense and send data to Splunk that way"
"Splunk is the nicest/easiest."
"Highly recommend the 'Enterprise Security' add-on application. It is so much easier for our users to use than ArcSight."
"Splunk remains solid for large enterprises but Elastic is catching up fast."
"A simpler SIEM like Splunk (which I use at home)"

#3 Security Onion: 4.2/5 (18 reviews)
"I highly recommend Security Onion."
"If you need a free/minimal cost option, I highly recommend Security Onion and Elastic Security"
"Security Onion! It's free and not too hard to set up."
"Security Onion."
"Check out Security Onion. It's free and provides a great set of tools."
"I don't know how they did it, but they got all the different security tools that you'd want in a SIEM to work together. It's fucking magic."
"Security Onion is worth looking into imo."
"Security Onion is a really good option."
"Try Security Onion. Seems like it might fit your needs."
"Sec Onion is easy to set up and free for almost anything you would need in the home lab environment."

#4 Graylog: 4.1/5 (17 reviews)
"It's incredibly easy to set up and has an active community."
"Graylog is an enterprise-ready tool out of the box, without any licensing."
"Everyone is super happy with Graylog."
"Highly recommend Graylog :)"
"I run product mgmt at Graylog. We are hyperfocused on developing capabilities for efficient security operations."
"We use Graylog + Wazuh + Security Onion + automation."
"Graylog, it's free, fairly okay to config for security events."
"Graylog, ELK, Splunk, etc."
"Deploy the open source version of Graylog which has no limits on throughput but doesn't have a couple of features found in the Enterprise version."
"I use Graylog and Security Onion. Graylog more for the generic syslog role and the Onion for more SIEM roles."

#5 Rapid7: 4.2/5 (11 reviews)
"Rapid7 InsightIDR Advanced... great tool, as it's easy to implement."
"Rapid7 InsightIDR."
"Rapid7 InsightIDR is dead simple and works very well for us."
"Rapid7, Adlumin."
"I would recommend Rapid7 InsightIDR."
"Rapid7 InsightIDR"
"Rapid7 MDR looks really, really good especially as they added Velociraptor and Minerva Labs functionality after the acquisition."
"I recommend Rapid7 IDR."
"Rapid 7 IDR: https://www"
"Rapid7 IDR is pricey but covers endpoint, incident response, vulnerability mgt, SIEM, threat hunting, and others in one platform."

#6 Blumira: 4.3/5 (9 reviews)
"Blumira has been great for us"
"Pretty happy with Blumira so far."
"Blumira's SIEM is literally built for small companies."
"Blumira might be worth a look."
"If everyone else likes Blumira, go with the masses."
"A few I've used and liked: Blumira."
"Blumira."
"Blumira, not open source, but way easier to set up."
"Check out Blumira - they are specifically targeted towards SMBs."

#7 Microsoft: 4.2/5 (9 reviews)
"Sentinel is definitely recommended to implement."
"Assuming this company is a Microsoft shop, Sentinel hands down."
"Reports show that Microsoft Sentinel is the leader."
"I'd recommend Sentinel."
"If you can spend money, Sentinel is a good one."
"I would just get a Microsoft Business Premium license and use Defender XDR."
"Microsoft Sentinel"
"I'm a huge fan of Sentinel, especially if you're already a MS shop."
"Sentinel is good, pretty easy setup."

#8 LogRhythm: 3.9/5 (8 reviews)
"We are pleased with our LogRhythm implementation."
"Out of all of them I would say LogRhythm."
"The strength of LogRhythm is its ability to do a LOT out-of-the-box. It's not as expensive as Splunk, but SIEMs that are worth-a-crap aren't exactly cheap."
"I'm a fan of LogRhythm."
"This user reviewed Splunk and other SIEM solutions, but ultimately went with LogRhythm."
"I think we're split between LogRhythm and AlienVault."
"LogRhythm and Exabeam are joining forces, might be one to keep an eye on."
"One of the biggest gripes I have is that the web interface is slow and clunky (pretty as hell though), requiring the service to be restarted at least once a week."

#9 Arctic Wolf: 4.1/5 (7 reviews)
"Take a look at Arctic Wolf. Send me a message if you want a demo."
"I pay $15k a year for Arctic Wolf."
"Just finished reviewing 5 different services and decided Arctic Wolf is our best fit."
"We are switching from Managed Event Tracker to Arctic Wolf. Looks pretty good so far."
"We have recently implemented Arctic Wolf. They do 100% of the monitoring and alert us as necessary. Quite happy so far."
"Arctic Wolf, FortiSIEM, Azure Sentinel would be where I'd start."
"Also check out Arctic Wolf."

#10 Microsoft Sentinel: 3.9/5 (7 reviews)
"If you've already got Office 365, check out Microsoft Sentinel."
"My incredibly biased view is a vote for Microsoft Sentinel + Defender XDR."
"Microsoft Sentinel and Splunk are #1 contenders but you need at least two people who are already experts."
"Second on Sentinel, especially if you are a big O365 shop."
"Sentinel is probably the best if you're on Azure."
"Microsoft Sentinel with Copilot"
"Microsoft Sentinel will meet your needs the most appropriately"

#11 AlienVault: 3.9/5 (7 reviews)
"We have been on AlienVault for several years - not unhappy overall"
"If you need a SIEM, AlienVault / AT&T OSSIM is really nice."
"AlienVault/AT&T's thing works great for us."
"AlienVault is pretty good."
"AlienVault free version is really good if you toss it a SPAN port."
"Look into AlienVault - or if you have no budget, OSSIM - the Open Source version of AlienVault."
"AlienVault does some very nice stuff. I don't have enough experience with it to downright recommend it, but I wouldn't steer people clear of it either."

#12 Securonix: 4.2/5 (5 reviews)
"Securonix. Hands down."
"Price wise we were impressed with their customization, our spend and implementation with Securonix"
"Securonix is one of the best SIEM/SOAR solutions."
"Securonix or Logpoint for SIEM/UEBA."
"Securonix has an on-prem and cloud-based solution."

#13 QRadar: 3.5/5 (6 reviews)
"Data analysis has just been so much easier with QRadar for security purposes."
"The SIEMs that I see a lot are QRadar."
"QRadar Community Edition might work for your environment."
"QRadar is pretty solid for a small to medium volume of events but once events hit a certain number, the performance started to slow down."
"QRadar if you're up for it."
"QRadar"

#14 ManageEngine: 4.3/5 (4 reviews)
"They have great support that no other SIEM could match."
"You can consider using Log360, they have a whole new approach where they cost you by the number of devices added to Log360 and their support is awesome."
"ManageEngine's Log360?"
"ManageEngine Cloud360 maybe?"

#15 Elastic: 4.3/5 (4 reviews)
"It comes with a pretty decent EDR solution included."
"Personally loving Elastic."
"My org uses Elastic. If you are open source friendly, that's a good option."
"I would say give Elastic a try. I went to their event and it seems extremely intuitive to use."

#16 RocketCyber: 4.0/5 (4 reviews)
"We use RocketCyber which is priced by endpoint."
"RocketCyber is a robust, cost-effective SIEM alternative to Splunk."
"We use RocketCyber also and it's improved a lot over the last year."
"RocketCyber has worked very nicely for us."

#17 Gravwell: 4.0/5 (4 reviews)
"Gravwell could be a fit."
"Look at Gravwell. It'll eat everything (including binary data)."
"I'd recommend at least taking a look at Gravwell."
"Gravwell's community edition doesn't have commercial restrictions but a limit of 14GB a day ingest. Worth checking out since it's free."

#18 ELK Stack: 3.3/5 (4 reviews)
"For a few thousand, ELK stack is your only option."
"We recommend these top open source SIEM tools 6) The ELK Stack"
"ELK stack if you have someone who can maintain it."
"ELK stack if you want to go completely free open source, you'll have to do a bit of setting up stuff."

#19 Exabeam: 3.0/5 (4 reviews)
"Exabeam is a contender in this space and is coming with some nice new updates in the summer."
"Exabeam is taking over LR's cloud business and LR is being used for current on-prem users."
"Exabeam is good for UEBA but not sure about the SIEM side. I've heard mixed reviews."
"Meh, it's OK. I'll take Hunters and Sekoia over Exabeam"

#20 OSSIM: 3.7/5 (3 reviews)
"OSSIM. I've been running it for a couple of years now."
"Use OSSIM - it's good exposure to making plugins."
"We recommend these top open source SIEM tools 9) OSSIM"

#21 Logpoint: 3.7/5 (3 reviews)
"Maybe have a look at Logpoint, they have many connectors / normalizers."
"Logpoint can be very interesting. Node-based licensing, without limitations on EPS or data volumes."
"Logpoint looks promising on the payable SIEM market."

#22 SolarWinds: 3.7/5 (3 reviews)
"SolarWinds SEM scales nicely."
"I'm standing up SolarWinds SEM right now actually."
"SolarWinds Alert Central."

#23 Devo: 5.0/5 (2 reviews)
"If you're looking for the best bang for the buck and a rabid level of incredible customer support, then I'd look at Devo."
"Moved from LogRhythm to Devo and couldn't be happier."

#24 EiQ Networks: 5.0/5 (2 reviews)
"EiQ Networks is a great SIEM which they help co-manage."
"I've found that a managed SIEM is the only way to go. Spoke to the folks at EiQ Networks. Highly suggest checking them out if you're serious."

#25 Crowdstrike: 5.0/5 (2 reviews)
"We use Crowdstrike NG-SIEM and are very happy with that."
"We are now using Crowdstrike LogScale and it is amazing compared to Sentinel, so much faster and cheaper"

#26 CS: 4.5/5 (2 reviews)
"CS NG SIEM / LogScale handles data like nothing else. Fastest response results period."
"We went with CS next gen SIEM."

#27 Exabeam Fusion: 4.0/5 (2 reviews)
"Exabeam Fusion. Full stop."
"Exabeam Fusion"

#28 PocketSIEM: 4.0/5 (2 reviews)
"PocketSIEM or Graylog or ELK for an SME."
"Check out PocketSIEM."

#29 EventTracker: 4.0/5 (2 reviews)
"We use EventTracker and it's MSP friendly with multi-tenancy."
"EventTracker is what we are using right now."

#30 Elastic Stack: 4.0/5 (2 reviews)
"I would check out ELK before I went down the Splunk path. ELK has all the power but lacks the polish. Definitely worth a look."
"Elastic.io's ELK stack will do a lot of what you'd normally want from a SIEM (essentially a free Splunk)."

#31 Adlumin: 4.0/5 (2 reviews)
"I think a better fit for the SMB space would be Adlumin."
"Adlumin has become my go-to SIEM. Lots of prebuilt alerting and SOAR automations out of the box."

#32 Lima Charlie: 4.0/5 (2 reviews)
"I've been using it for about a year and it's been solid for our use case (we're a small MSSP)."
"Not SIEM but look at Lima Charlie, it does a bit of logging itself."

#33 SOCFortress: 4.0/5 (2 reviews)
"+1 for SOCFortress"
"SOCFortress. A stack of many open source tools, and the project itself is open source."

#34 AlienVault USM: 4.0/5 (2 reviews)
"AlienVault USM: https://cybersecurity.att.com/products/usm-anywhere"
"Maybe AlienVault USM?"

#35 Chronicle: 4.0/5 (2 reviews)
"Chronicle's great for getting started, especially with all the free content."
"Chronicle's price point was too tempting to ignore – it's significantly more affordable (perhaps 10 to 15 times cheaper than Splunk)."

#36 OSSEC: 4.0/5 (2 reviews)
"We recommend these top open source SIEM tools 2) OSSEC"
"I have used OSSEC to perform the functions you are looking for."

#37 SumoLogic: 4.0/5 (2 reviews)
"SumoLogic CSE could be good."
"SumoLogic. You can share cost between dev and security by ingesting both security logs for SIEM and other logs for observability."

#38 AlienVault OSSIM: 2.3/5 (3 reviews)
"OSSIM or Security Onion if you want something free."
"OSSIM (don't know one way or another whether it's any good)."
"AlienVault from what I can tell is crap. At least our security department couldn't get it to run worthwhile."

#39 ArcSight: 3.5/5 (2 reviews)
"ArcSight, which is a great and mature solution worth considering."
"If you want a good SIEM then use ArcSight. If you want a free SIEM then stay away because it is expensive."

#40 Panther: 3.5/5 (2 reviews)
"Yep I am a fan of Panther for the right teams. Solves a lot of problems and pricing is very reasonable."
"Might check out panther.com. I listen to their podcast, which isn't pushy about their platform."

#41 Zeronsec: 5.0/5 (1 review)
"Check out Zeronsec's Anrita. Won't break your budget."

#42 DNIF: 5.0/5 (1 review)
"A solution called DNIF really stood out."

#43 Datadog: 4.0/5 (1 review)
"What do you guys think about Datadog SIEM?"

#44 Milton: 4.0/5 (1 review)
"If you're looking to outsource the SOC/threat hunting for a more MDR type solution, Milton MDR is a good option."

#45 McAfee: 4.0/5 (1 review)
"I use the McAfee ESM and after writing some custom parsers, correlation rules, and alarms... I like it."

#46 Netsurion: 4.0/5 (1 review)
"We've enjoyed Netsurion's offering."

#47 Neqter Labs: 4.0/5 (1 review)
"The NeQter Labs SIEM/Compliance Engine is a great tool for this."

#48 Event Tracker: 4.0/5 (1 review)
"Here are some solutions that fit the bill: Event Tracker: https://www.netsurion.com/solutions/threat-protection/siem"

#49 Vijilan: 4.0/5 (1 review)
"Vijilan and Skout are good options for one man shops. Full SIEM w/SOC"

#50 Qualys: 4.0/5 (1 review)
"Check out the Qualys platform. FedRAMP certified and they have a free trial of 30 days I think."

#51 Neqter: 4.0/5 (1 review)
"Neqter and CUICK TRAC. All SMBs should be talking to them."

#52 WitFoo: 4.0/5 (1 review)
"We use a product called WitFoo. It is simple and easy to deploy, and fit within our budget very, very well."

#53 Microsoft Azure: 4.0/5 (1 review)
"Look at the Microsoft Azure Sentinel SIEM."

#54 Logz.io: 4.0/5 (1 review)
"Logz.io or Elastic SIEM."

#55 Palo Alto: 4.0/5 (1 review)
"I would describe it more as 'SIEM lite'. It's a pretty good solution."

#56 MDR: 4.0/5 (1 review)
"Go for a MDR solution, so basically a managed EDR solution."

#57 SentinelOne: 4.0/5 (1 review)
"SentinelOne, they offer a SOC solution that's very affordable."

#58 Cybraics: 4.0/5 (1 review)
"If you want something that's a bit more 'next gen', look at Cybraics."

#59 Perch: 4.0/5 (1 review)
"Check out Perch. Simple to deploy and manage."

#60 Elastic Security: 4.0/5 (1 review)
"I suggest Elastic SIEM, or the new name might be Elastic Security."

#61 FortiSIEM: 4.0/5 (1 review)
"Check out FortiSIEM, Elastic, Netsurion, Microsoft Sentinel etc."

#62 Alert Logic: 4.0/5 (1 review)
"Look at Alert Logic (they have an AWS appliance available)."

#63 TryHackMe: 4.0/5 (1 review)
"TryHackMe actually has a decent room and tutorial for Splunk, they may have some other tools there as well."

#64 UnderDefense: 4.0/5 (1 review)
"I have used Managed SIEM before and can recommend a company that can help you improve event log management."

#65 Sumo Logic: 4.0/5 (1 review)
"Check out Sumo Logic as they have a free option that's unrestricted for 90 days then slightly feature reduced but still free."

#66 Akamai: 4.0/5 (1 review)
"Should look at Akamai TrafficPeak, extremely competitive"

#67 IBM: 4.0/5 (1 review)
"QRadar is a great SIEM, but it's a premium product with a premium price tag."

#68 Odyssey: 4.0/5 (1 review)
"Odyssey's Clearskies. Check it out. It's in Gartner's top 20 but it deserves more."

#69 Google: 4.0/5 (1 review)
"I'm looking to probably migrate to something else like Google Chronicle or Sentinel as I need something that is better at cloud."

#70 Splunk ES: 4.0/5 (1 review)
"100% - very similar querying to SPL, but much more efficient, the API is significantly easier to use and more feature rich."

#71 Seceon: 4.0/5 (1 review)
"Automated SIEM and XDR Built for MSPs/MSSPs/IT Teams. Augment and automate your MSP/MSSP security services with Seceon's AI and ML powered SIEM and XDR platform."

#72 XSIAM: 4.0/5 (1 review)
"XSIAM is great as a stand-alone."

#73 Log360: 4.0/5 (1 review)
"For the price it does what we want and doesn't require too much of our time."

#74 NetCrunch: 4.0/5 (1 review)
"For monitoring specific logs that you would like to act upon as soon as they happen, you may check NetCrunch."

#75 SKOUT: 4.0/5 (1 review)
"We use SKOUT, great product."

#76 ConnectWise: 3.0/5 (1 review)
"Take a look at the SIEM as a Service offerings."

#77 ELSA: 3.0/5 (1 review)
"Take a look at ELSA (enterprise log search and archive) if you're on a super tight budget."

#78 Unomaly: 3.0/5 (1 review)
"As a complement you can look at Unomaly too."

GummySearch is an audience research toolkit for 130,000 unique communities on Reddit.