Strengths: Solid feature set with many preloaded templates.
Weaknesses: Slightly difficult to configure.
Verdict: You need to understand your environment thoroughly to get the most out of this one, but once configured, it is a solid tool.
Summary: The Trustwave SIEM offers the ability to collect, normalize and analyze logs and events for use in forensic investigation and auditing. This product features solid alerting and compliance-based reporting that is highly configurable and customizable. Furthermore, this appliance allows for quick identification of possible threats or risks, such as policy violations, rogue servers or services, configuration management, and shared credential use.
This offering is easy to deploy but not as simple to configure. The initial installation of the appliance is guided by a web-based setup wizard, which goes through the steps to get the appliance up and running on the network. At the completion of the wizard, the full, web-based management console can be accessed. We found this console to be easy to navigate, but it does require some getting used to. Configuration of the appliance also took us a few minutes of work to really get a solid understanding of how to set up various log sources.
With that said, this product does offer some serious log management and analysis functionality. It also comes preloaded with many compliance and policy templates. The Log Explorer is also a nice feature. It makes it quite easy to search and view logs for precise analysis.
Documentation included a quick-start guide that illustrates how to get the product up and running on the network quickly, as well as administrator, user and notifications guides. We found all documentation to be clear and straightforward.
Trustwave provides full technical support as part of an annual agreement. Customers can choose between standard and premium options, which include various levels of phone and email assistance, as well as access to an online portal that includes a knowledge base and other resources.
At a price starting at $19,000, we find the Trustwave SIEM to be a good value for the money. While it can be a little tricky to configure, this tool offers a solid amount of log management and analysis features.