Strengths: Excellent visual analysis capability.
Weaknesses: A little pricey.
Verdict: Feature rich and strong on analysis.
The Trustwave SIEM uses a large set of listeners and services to gather logs from several network devices and hosts. Once the logs are gathered, the appliance saves them in their native format. From there, the product continually parses and correlates them for further analysis. All results are displayed on the dashboard in several visual formats to make analysis of events quick and easy.
Installation and configuration are quite straightforward. Once the appliance is connected to the network, the web-based management GUI is accessible from a web browser on any network machine. The web GUI itself is well organized and has an intuitive layout with a nice clean look. This console can also be customized in several ways and organized to meet the needs of the user quickly and easily.
We found the main focus of this appliance to be very visual. The Trustwave SIEM has a wide array of visual charts and diagrams that make analyzing events and data easy and intuitive. These visuals, combined with the Event Explorer for drilling down into log data, give this product some fairly decent investigative power.
Documentation included administrator, user and notifications guides. The administrator guide provides a lot of in-depth detail on configuring and managing the appliance, while the user guide focuses more on how to navigate around and use product features. The notifications guide illustrates the many ways that the device can be set to send notifications of suspicious activity, as well as how to design custom notifications. All these guides include many step-by-step instructions and screenshots in an easy-to-follow format.
Trustwave offers 24/7 phone and email technical support, as well as access to an online support portal as part of a support contract. The support portal includes access to a knowledge base, as well as other support resources. At an additional cost, customers can also receive other services, such as setup, training, custom reports, remote health and patch management.
At a price of $27,000, we find this product to be an average value for the money. While it does have some nice features, we find that it is a little pricey for some environments.