FireEye Helix: Cuts Through the Noise
July 25, 2021

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with FireEye Helix

Helix is used as a log aggregator to support global business. It is the SIEM within the environment.
  • Single pane of glass for all alerts.
  • Great at consolidating threat intelligence, alerts, and metadata all in a single platform.
  • The ability to pivot directly from Helix to endpoint (HX) EDR, Email, etc. is a big blessing.
  • Additional integration points (API cloud integrations).
  • Helix has had a significant impact on CSOC visibility efforts across the organization.
  • Helix fills the logging and alerting gaps that are missing across the infrastructure side.
  • Having a single pane of glass allows teams to more efficiently run incidents. Additionally, Helix is integrated with ServiceNow, providing enhanced and efficient case management for all Helix alerts.
I find Helix to be super-efficient and able to cut through the noise. Previous installations of LogRhythm and Splunk resulted in an overwhelming amount of noise (out of the gate), and we had to constantly tune out false positives. Helix is different. Out of the gate, Helix provided higher fidelity hits, and our teams don't spend half their day tuning out the noise.

Helix integration isn't too difficult. The Cloud version of Helix can be stood up in an afternoon. Cloud integrations can be configured over the course of a week or two as well.
Very impressed with the solution. I would recommend it to any organization. Even if they have a SIEM in place, the Helix solution could be another area of telemetry.

Trellix Helix Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection