anapopla.blogg.se

Splunk enterprise security cost










"We have been satisfied with the support." "I am satisfied with the solution's stability." "The correlation feature is good." "The reports that we are getting from ArcSight are very valuable."


As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. You don't need a lot of training, because the UI is relatively very intuitive." "The user interface is really modern. You can easily get a report combining your data, along with calculations and graphical dashboards. The table can be as big as you want it, depending on your use case. The UI has a graphical interface with the raw data in a table. It's very appealing in terms of the user interface. That's really useful." "Even if it's a relatively technical tool or platform, it's very intuitive and graphical. And you can really quickly switch between using the GUI and using the code. Whatever you're doing, you see the code, what's happening.


You'd have a backlog of processing the logs as it was ingesting them." "One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before." "The most valuable feature is definitely the ability that Devo has to ingest data. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities.


As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics." "Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data." "The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds.


That's one reason that having 400 days of live data is pretty huge. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. In the past, our operational norm was to keep live data for only 30 days. And they can not only do so from a security point of view, but even for operational use cases. Devo is pulling back information in a fast fashion, based on real-time events." "Those 400 days of hot data mean that people can look for trends and at what happened in the past. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. "The real-time analytics of security-related data are super.










