Anomali ThreatStream vs. SolarWinds Kiwi Syslog Server

Anomali ThreatStream is excellent in scenarios where we deliver Managed Security Services to customers. It offers exhaustive volumes of information in the form of threat bulletins, IOCs, Threat Actor profiling, and details related to campaigns in the wild which can be used to a great extent by MSSPs. For an enterprise SOC, I believe it is a little less suited purely because of the pricing aspect as it is slightly towards the expensive side of the spectrum.

Incentivized

To monitor syslog events Kiwi syslog much helpful and needed .Its saving human efforts and cost.Easy to check on GUI panel flow and status of server ,start and stop services we can do them from GUI panel it self . Recent version also no need C++ libraries to install .We can store the ingested events and archive based on our threshold criteria .We can import and export INI file which contain everything what we have configured

• Indicators of Compromise
• Signatures
• Community Sharing

Incentivized

• Collection of SNMP traps a reliable and stable collection server for these is crucial to troubleshooting and time to ROS. Kiwi excels at this.
• Easy to install set up and train users on.
• The free version is a good free tool and handy to use for personal labs and other smalle use cases.
• SNMP traps to user readable format is great, sometimes syslog and smnp messages can be hard to interpret and read with out a knowledge of how to do this.

Incentivized

• The user interface, perhaps there is some room for improvement although it is good already.
• Confidence assigning process for IOCs needs to be more robust and transparent.
• While integration with SIEM solutions is a cakewalk, there is definitely added value if SIGMA rule conversion and YARA rule creation are provided from the platform.

Incentivized

• Minimalistic; If you're looking for something with analysis features look elsewhere.
• Operating System support is Windows only.
• Some management features cannot be configured via web interface.

Incentivized

Kiwi Syslog has the best usability of any syslog server. While not being able to offer the most features, the ones it does have are intuitive and easy to work with. Everything that it has is where you think it should be. If you can't find it in the menus, it doesn't exist.

Incentivized

Because the solution is so simple to use and implement, support wasn't very necessary. The one time I did call them to better understand where logs were stored, they were very helpful and friendly. Kiwi has been around for some time and not a lot has changed over the years, so support for it is pretty straightforward and quick.

Incentivized

Many of the products that can be used to be ingested into a security event management software can be cumbersome with threat streamThere are many opportunities to continue fine-tuning the environment and providing great context in regards to threat research. When compared to other products threat stream stands out from usability and features.

Incentivized

PRTG is a great package and very useful, but the jump from the free 100 sensor price model to the first tier of the paid model is WAY too expensive. SolarWinds Kiwi Syslog Server is very inexpensive and provides us with the results we needed for log monitoring.

Incentivized

• After the Initial startup cost, it has overall had a positive impact by increasing efficiency of the team and freeing up analysts to do manual threat hunting

Incentivized

• 100 ROI overall business prospective
• Every time we have to monitor disk space ,Because sometime its will not work properly
• Saves recourses expenses
• Large and small scale project very helpful