Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: How do you like LEM especially when compared to Splunk?


I've used both -- I was the Splunk admin at my last job, and my new company has been using LEM for a couple of years now. In my opinion, if you are used to using Splunk you will be severely disappointed with LEM. Not that LEM is a terrible product -- I think it offers easy access to functionality right out of the box, and includes some very useful information in the canned reports/queries. If you're coming from having no SIEM at all, it's an easy way to start. But it's not flexible/extensible at all, and heaven help you if you want to extract additional data from the built-in connectors (I'm looking at you, ASA connector). I think the LEM interface is fairly clunky, and needs some modernization. The advantage LEM has is clearly in the pricing model. LEM has a different licensing philosophy than Splunk, and will likely be significantly cheaper since it's licensed by node vs log volume.

tl;dr -- Companies with mature practices around SIEM will most likely find LEM lacking, but it's better than nothing and an easy way to get into the game.

