ManageEngine Log360 Reviews

Our primary case for this solution is log management and finding vulnerabilities. It has file server monitoring and we use it to oversee specific file paths from file servers. For a few of them, we also do servers, Linux, and syslogs from network devices. We are trying to add it to our Windows Server, and they inform us whenever there are changes in their PaaS. We deploy it on-premises.

We have found the FIM (file integration monitoring) feature valuable.

ManageEngine Log360 could be improved by including XDR, remediation and Sandbox. XDR can be different from other solutions because you don't just get logs, vulnerabilities or cyber threats. Also, SOA can be included as a type of security or phishing risk scam. Azure Sentinel has those features and it is a solution that can detect and remediate simultaneously. We can have a sandbox environment where we flag and simulate an attack. Hence, the system can be aware in case something happens.

We have been using this solution for approximately three years.

The solution is stable.

The solution is on-premises and does not need to be scaled.

We have had a fantastic experience with customer service and support.

We did not previously use other solutions.

The initial setup is straightforward. Deployment took approximately two days because the issue we had was getting credentials and importing devices into the solution. It will help if we have credentials from the server team, as required. The issues were in-house and not the solution application itself.

Implementation was done in-house. We require four teams for deployment and maintenance. The Server team, DevOps team, Active Directory team, and network team. That's why we only have four users because they can get into the solution and log in to see exactly what's going on.

The license is subscription-based and it is not expensive compared to other solutions.

I rate this solution eight out of ten. The solution is good and provides us with what we need, but it can be improved by including XDR, remediation and Sandbox.

If the client does not have much knowledge regarding the SOC and cyber, then ManageEngine Log360 is good because you can get default reports.

It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy.

It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system.

The on-premises solution is very slow. When I move to another tab inside Log360 or in the SIEM, even if my system is running on 36 GB and with a high processor, it takes a lot of time to get into the alert page or the search page.

It takes a long time to load a single page. With other solutions, such as Splunk, Securonix, Wazuh, I can quickly grab the details within seconds, but with ManageEngine, it takes a lot of time.

I've been using it for about four months.

Compared to the scalability of other solutions, ManageEngine Log360's scalability is average.

I have contacted technical support, and they solved a particular issue I was facing.

The initial setup was easy and not complex. One person can handle the deployment.

The deployment was done in-house.

My client has a yearly license. I think the cost is not expensive compared to that of other SIEMs, given the service it is providing.

Compared to other SIEMs, ManageEngine gives you the reports by default, which is good for small enterprises. Other solutions require one person to monitor user accounts. So, if your firm is not huge, then you can install ManageEngine Log360 to get password sharing and all other details.

I don't recommend using ManageEngine Log 360 in large organizations with more than 300 employees because they require certain compliance policies.

Overall, I would give this solution a six out of ten.

The reports that you can run are really nice. They give you a lot of standard reports, which are nice, and the ability to run some custom ones, too. It takes some intuitive thinking to use it, but overall it's generally user-friendly; although it takes some digging to find the report you're looking for — it's almost overkill by data.

They have been doing some webinars for their solutions that run-down through it, and those are actually quite helpful. What they're doing for their improvement is kind of nice. They're sending out a series of webinars and then you can log on and ask live questions to the engineers as they're taking you through the use of the product. I am actually finding that quite helpful.

I've had to go leaps and bounds, wondering where stuff was at. There's a lot of tabs to go through. There's a lot of information presented within the system and knowing where to go in it is taking that process through, like, "You go here, you look there, you see this here. Can you think of a use case where you would want to know that?" They ask those questions and they get responses in their webinars and I think that's quite valuable.

They're giving you an hour to go through it and they're covering most of the material in 45 minutes. They need to actually have the product explained a little bit better than just, "Here you go." I think Varonis is a little bit more, "Hey, these are the alerts you have." And then on the right, it drives you right to where you need to go. With ManageEngine, you need to actually have an idea of what you want to do with the information you're looking at. It doesn't drive you in the direction — that's a con. Varonis kind of drives you down. On the right, it gives you the event list and you can go through it and drive to the data on the individual alert. ManageEngine gives you the alert and then you need to know where to go. 

Because I haven't been using it long enough, I am not too sure what's missing. I am comparing it with Varonis. The two seem to be lining up a lot, but Varonis is a little bit better as it gives me real-time alerts for the file shares. It takes a little bit of time for Log360 to actually learn your environment. I am dealing with a lot of alerts that aren't exactly valid because it just doesn't know yet.

The learning environment time is a little bit lengthy, but I think it's necessary. Since Varonis was already in the environment, I have no idea how long that took for it to learn that behavior. It's hard for me to compare the two in that aspect, but that's what I'm dealing with. That's what I would expect somebody else to be dealing with if they just got the product and they didn't have anything.

I have been using ManageEngine Log360 for the past couple of months.

Overall, on a scale from one to ten, I would give ManageEngine a rating of eight. It gives me a lot of information. Without the webinars, I'd give it a seven.

If they improved their alerting capabilities, I'd give them a higher rating. For example, "Click here to drive down, and here are the recommended steps for evaluating this alert." If it did that, I would give it a rating of ten. That's really the thing that they need. They need to drive their traffic on their platform as opposed to you having to guess where to go.

I work with an organization that focuses on money management. So we usually deploy for organizations such as banks, pension providers, and major IT firms that are interested in this. I've even deployed for micro-finance banks.

People use it to analyze security event information from their servers. It could be from an IaaS server address. They get logs we didn't know how to interpret and it helps them to prioritize. When a device connects, after the analyzation it prompts the administrator depending on the server data entered into it.

Customers don't really complain about any particular feature. The deployment is quite simple and pretty straightforward. 

The only thing I'd say is to provide log sheets that accurately describe how this solution works. Most times log sheets are not assigned well. You need to contact your support or you need to go to marketing and I don't like that.

Also, a Cloud version would be a major breakthrough. I think it should be looked into because most organizations these days don't want to publish on servers. Also in terms of flexibility, I think a cloud version should be pushed.

Backups are very, very important. We had a situation where because cloud reliability is not 100% when we wanted the backup we needed to re-position the server. So instead of starting from the previous position completely, it would be nice if you could just take the file and install the same version of the ones you want because now if you want to run that backup, you must install the one that was going before. I should be able to replicate the same on another server. I should be able to pick the same file and go. So the backup process is not that easy and not that straightforward.

I've not really seen any bugs from my own experience. If you are looking at network devices where you might need the SMTP, VP version 1, version 2, or 3. I'm not sure the application supports SMTP version 3. I think they support 1 or 2. So that might also be looked into especially for network devices.

It's scalable. 

In terms of licensing, it is scalable, as well. Before your clients can go in, first they have to say they want to buy a license. Then you have to get the number of licenses they want. How many administrators do they want to manage the application? So that would tell me what kind of license to buy. In that regard, it's not difficult. Though I've had some challenges in the past where it expired and maybe they just want to renew, something like that. A client is ready to go to the command, CMD, to go to the right tools. Then you go to the license that you applied for before. However, even then, it's not complex at all.

I have successfully deployed for two clients, one is a bank and the second one is a pension fund administrator.

I have been in touch with the ManageEngine technical support. They have been amazing when it comes to helping. I remember there was a time I wanted to to see from one database to another and I was stuck. I was able to get a support request to them. They assisted me, they provided the documentation that I needed to follow through. I still had one or two challenges so I went to a remote session with them and they did it for me.

The initial setup is straightforward. 

I've been trained with my organization to deploy this solution and other IT solutions. The deployment varies. It depends on the client. I tend to get clients that are not ready. Their credentials are not ready. Or they are giving credentials that are more of a privilege than is required. So it depends if everything is available. Then it is a maximum of three days to deploy no matter how complex or no matter how large the infrastructure is, and for every other device that you want to bring into the application to do proper monitoring. But most times you discover that the client is not ready, so it's not as simple as that, and you have to wait for around two months. Overall, the application is pretty simple. I can say that because I've installed it three times, as long as all the credentials needed are visible.

The advice I'd give is that if you want to enjoy the solution to the optimal level is to make sure that the credentials are correct and not that you give the credential an expired password. In that regard, if you've on-boarded one or two devices with expired passwords, the application would not be able to approve them because it's not a tool to get information like that.

It's a very nice solution and the graphics interface speaks a lot to that. The different graphs for marks that you can use with color to make sure that you have what you want. You can convert right from the interface and you can choose the kind of report you want. Do you want it to be in PDF? Do you want to get it as CSV? It's pretty nice.

Then the other area that I want us to look at is if you are trying to get a certificate. There was a time we were trying to get the certificate and you had to go to the application to get it. Then you put it in and send that format to your certificate authority. Then bring it back or plug it in. But we didn't find it very straightforward.

I would rate it a nine out of ten.

I like the product’s threat response and detection. I have seen the portal demo. The portal is very user-friendly compared to other solutions. The product is very user-friendly.

The solution lacks some features when compared to other products. It must add more features. Incident management for real-time scans must be improved a bit.

We are offering the solution to our customers.

I rate the tool’s stability an eight or ten out of ten. I haven't seen any bugs.

I rate the tool’s scalability a seven out of ten. The tool lacks some features. If those features are added, I would rate it a ten out of ten. One of our customers uses the solution. We get great feedback from them.

Most of our customers have a hybrid infrastructure.

We are looking for a solution that offers both on-premise and cloud versions. Someone with less experience using SIEM solutions must choose ManageEngine because it is very user-friendly. Overall, I rate the product an eight out of ten.

The solution needs to improve hub storage. It should integrate AI and ML capabilities. 

ManageEngine Log360 is not difficult to deploy. 

ManageEngine Log360 is expensive compared to other products. 

I rate the product a five out of ten. It is only an average solution. 

It is nice to be able to monitor and to have notifications.

Right now, we can't even get it to work. 

The support needs improvement.

The stability needs to be improved.

ManageEngine Log360 is not a stable solution. It needs improvement.

We have tickets in to get it fixed but we are not having a lot of luck.

I would rate ManageEngine Log360 a three out of ten.

We basically utilize the tool to monitor security events based on a logon process such as bad passwords, lockout, etc.

We are using its latest version. We just upgraded it over the weekend.

It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect.

Its pricing should be better. Pricing is definitely a big factor for us. 

Their technical support should also be improved.

I have been using this solution for about three years.

It is pretty stable. We haven't had any problems with the system. I don't use the tool as much as my team does, so I really couldn't get into the specifics. It does what we want in terms of staying in compliance. 

I'm not too familiar with its scalability.

I haven't had very good support from those guys.

I haven't used any other products, but I've heard of products like LogRhythm and Splunk, and they seem to be supreme to this particular product that we have.

Its pricing is definitely huge compared to some of the other SIEMs. Its price should be improved.

I would rate ManageEngine Log360 a six out of 10.