It has been a really good product which is falling out with the time. The product has been great in the earlier days, but has failed to evolve with the competition moving towards XDR-based offerings. In overall it was a really good solution, which acted as the primary SIEM in SOC operations with many intuitive dashboards and reporting capabilities in addition to allowing the incident analysis and threat hunting.

The solution comes with large set of connectors and parsers and thus remove the need for custom parser development and really reduce the implementation timeframes. The user-friendly dashboard compared to competition makes it easier for beginners to get up-to-speed with monitoring and performing analysis which is straightforward. It is really helpful when it is required to execute simple and ad hoc search queries while complex search queries can be a bit tricky as it would require some inside knowledge of queries and search parameters to tweak the parameters to get the required output. The licensing model based on daily average EPS count makes it a good solution in financial terms for most of the organisations unless they run a 24/7 operation.

Even though there is a massive collection of parsers, most of them are not of solid build. When they are customised, which is a tough process with the need for many hours of troubleshooting. The troubleshooting to sort out issues is really complex with need to spend higher number of hours compared to other competing products. This maybe due to the complex nature of the solution, which has different components in the front-end to back-end with complex integrations. Further, it is a bit troublesome to integrate SaaS based next generation security solutions and require comprehensive expertise in the product and domain to make them work.