What is our primary use case?
My main use case for Carasoft Services for Rapid 7 is that we use the Rapid 7 SIEM and InsightConnect.
I use Rapid 7 SIEM for day-to-day monitoring of security alerts that are being sent to the SIEM. I also use it to integrate log sources, including firewalls, routers, network devices, security devices, Windows devices, Windows logs, and all other logs based on the customer's requirements. This SIEM provides real-time monitoring on these devices to identify anomalies and issues that should not occur, allowing me to report them quickly. InsightConnect is the automation component whereby I leverage the SOAR feature in conjunction with playbooks to automate responses when an alert is triggered, sending it to a third-party website, ticketing solution, or email as appropriate.
How has it helped my organization?
Carasoft Services for Rapid 7 has positively impacted my organization by helping scale our detection and response, especially after moving from a previous SIEM to this new one. It has improved visibility and enabled seamless integration of log sources.
Visibility and integration have improved my detection and response by allowing me to see all manner of logs, including audit logs and system logs. Thanks to Rapid 7 SIEM, integrating Darktrace enabled me to have more visibility.
What is most valuable?
The best features Carasoft Services for Rapid 7 offers are software as a service and seamless integration of log sources, whereby I can integrate various log sources that I have. It also provides a wild card integration whereby if the log source is not predefined, I can use it for cloud, on-premises, or API pull scenarios. This wild card event source can be used to integrate log sources if they are not predefined with the SIEM.
The wild card event source has especially helped me for F5. I was trying to integrate F5 API and F5 WAF, which do not come predefined on the SIEM because there is no event source for them. Using this particular feature, I was able to pull in my keys and storage bucket and everything necessary, enabling it to go to the bucket to pull the logs for me so I could see the logs on the SIEM.
What needs improvement?
Carasoft Services for Rapid 7 could be improved in terms of integration of Windows log sources. Rapid 7 SIEM has a feature whereby I can integrate Active Directory. However, when I want to integrate system logs, application logs, and everything from my event viewer, Rapid 7 does not have a customized feature for that. Most times, I have to leverage NXLog, which is not ideal. It would be better to have a ready-to-go plugin for it. Additionally, for InsightConnect, an orchestrator, sometimes when I am integrating with third-party ticketing solutions, SNMP might give me issues. Finally, the TLS feature of Rapid 7 is a bit unreliable.
For how long have I used the solution?
I have been using Carasoft Services for Rapid 7 for the past two years.
What do I think about the stability of the solution?
Carasoft Services for Rapid 7 is stable.
What do I think about the scalability of the solution?
Carasoft Services for Rapid 7 has positively impacted my organization by helping scale our detection and response, especially after moving from a previous SIEM to this new one.
How are customer service and support?
The customer support is adequate. I can always reach out if I need any help.
Which solution did I use previously and why did I switch?
I previously used ArcSight SIEM. It is more manual, and I find Rapid 7 to be better.
How was the initial setup?
I purchased Carasoft Services for Rapid 7 through the AWS Marketplace.
What about the implementation team?
We use AWS as our cloud provider.
What was our ROI?
I have a general impression of seeing a return on investment. Carasoft Services for Rapid 7 is a strong SIEM software as a service offering. They are performing well, especially with their plugins. The automation feature has been amazing and provides more visibility. I love the dashboard and the templates. Overall, it is an amazing SIEM, and exploring ways to improve it would be beneficial.
What's my experience with pricing, setup cost, and licensing?
I do not know much about pricing, setup cost, and licensing because I am not on the finance team. I only know that the logs have a retention period of thirteen months.
Which other solutions did I evaluate?
I evaluated other options before choosing Carasoft Services for Rapid 7.
What other advice do I have?
My advice to others looking into using Carasoft Services for Rapid 7 is that it is an amazing product. Ensure that the people implementing it have the technical knowledge required. I would rate this product an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?