Trustwave SIEM uses a large set of listeners and services to gather logs from several network devices and hosts and once gathered the appliance saves the logs in their native format. From here it continually parses and correlates these logs for further analysis. All results are displayed on the dashboard in several visual formats to make analysis of events quick and easy.
Installation and configuration of this product is quite straightforward. Once the appliance is connected to the network the web-based management GUI is accessible from any network machine's web browser. The web GUI itself is well organised and has an intuitive layout. This console can also be customised in several ways and organised to meet the needs of the user quickly and easily.
We found the main focus of Trustwave SIEM to be very visual. It has a wide array of visual charts and diagrams that make analysing events and data easy. These, combined with the Event Explorer to drill down into log data, give this product some fairly decent investigative power.
Documentation provided with this appliance included: an administrator guide that provides a lot of in-depth detail on configuring and managing the appliance; a user guide that takes more of a perspective on how to navigate around and use the features; and a notifications guide, which illustrates the many ways that the device can be set to notify users of suspicious activity, as well as how to design custom notifications. All of these guides included many step-by-step instructions and screenshots in an easy to follow format.
Trustwave offers 24/7 phone and email technical support, as well as access to an online portal that includes access to a knowledgebase and other resources as part of a contract. Customers can also receive other services such as setup, training, custom reports, remote health and patch management at an additional cost.
At a price of £18,500 we find Trustwave SIEM to be of average value for money. While it does have some decent features it is a little pricey for some environments.