Strengths: Easy to use with a good amount of reporting capability.
Weaknesses: Documentation still pretty weak when it comes to visuals and configuration examples.
Verdict: A solid value that needs somewhat better documentation
SummaryThe SIEM product from CorreLog provides organizations with an easy-to-implement, affordable log management and correlation system. This product consists of the CorreLog Server as the central point of management and a series of agents that can be deployed to Windows- and Linux-based machines. The CorreLog Server also can be fed syslogs from many other devices, including routers, switches, firewalls, Unix boxes and Mac OS X systems.
The initial setup and installation is quite straightforward. The server itself can be installed on a number of Windows-based operating systems and has a relatively small footprint, so the hardware does not have to be massive. The installation of the product itself is guided by a short setup wizard, and the installer implements all the necessary components, including the CorreLog Server's web GUI. At the completion of the install, the server web GUI can be accessed for management, as well as to deploy agents to machines.
We found the GUI to be easy to navigate and simple to use. The tab-top structure has intuitive labels and dashboards that can be customized easily to show information pertinent to the particular environment.
Documentation was comprised of several PDF manuals and guides. We found all documentation to be quite clear and easy to follow, but, as we found last year as well, there were a lack of screen shots and examples, which would have added to the effectiveness of the manuals.
CorreLog includes the first 90 days of eight-hours-a-day/five-days-a-week technical support with the purchase of the product.
At a price of $5,000 we find this product to be a solid value for the money. The CorreLog SIEM package provides a lot of easy-to-use functionality at a reasonable price.