Siemplify Reviews

The alerts grouping mechanism, which helps to group alerts that could be related based on IP or hostnames. This significantly reduces the amount of alerts that the analysts has to deal with. Lots of out-of-the-box integrations with other products, and very responsive with quick turnaround times for developing integrations with unsupported products.

The playbook creation interface is not as user friendly as compared to competing products. Lack of out-of-the-box playbooks/recommendations.

If your SOC does not have a single pane of glass right now, Siemplify is a great product that should definitely be under consideration when evaluating SOAR products.

Automation of operations processes, as well as ensuring consistency and accuracy across all steps done within the SOC. Improvement of SLAs.

I like how easy it is to navigate within the Siemplify platform. The User Experience is definitely one of the best. I also like how easy it is to integrate various platforms to work with Siemplify.

The playbook function could be improved. It is a little complicated to create a playbook at the moment. But it has all the required features. May require additional training to understand and make use of all the features.

For users who are looking for an easy-to-use SIEM, Siemplify is the way to go. It is also packed full of features which will require a dedicated individual or team to fully learn and utilize it at its maximum potential.

It solves the Orchestration issue that the business is facing. With Siemplify, we are able to integrate a lot of different platforms into a unified process. This saves us a lot of time by eliminating the manual process of performing correlation of security alerts.

I like the integrations. We haven't got to enable them much yet but I like the idea of having the playbooks talk to a firewall or AD server to shut down a computer or account.

The playbooks are great but they can't react to everything from an alert. For instance, I can't have the playbook make a decision based on the process running, that field just isn't an option. I would like for it to be able to display every field that it can read.

Also with the company being based out of Israel, there have been times when I'm not able to get an answer for a technical question because it's after-hours there.

This product is new but has a team that listens to suggestions and a frequent update schedule. This product also has integrations with many different vendors and with playbooks can automate many functions.

I think the problems solved will be once we really get the integrations and playbooks going. I think it will really cut down on the things our analysts need to do.

Based on the speed at which attacks occur and change, organizations that ignore automation will fall further behind and be on the losing side of most attacks.SIEMPLIFY give us the ability to reducing mean time to respond (MTTR), contain and remediate security incidents. Reducing unnecessary, routine and burdensome work for the analysts. Improving detection capabilities and alert triage quality. Reducing time to train new SOC analysts and Improving the ability to measure and manage our security operations.

There are still some features and several capabilities that don't exist yet in the product, such as Playbooks recommendations and more widgets for the Dashboards.

Identify processes for Orchestration & Automation - Choose documented, consistent processes

and focus on highly manual processes that will provide immediate benefit.

Create a roadmap for SOAR - Add new playbooks as you gain success.

Build success criteria and measure success - Know what a successful deployment looks like

Measure productivity gains, MTTD, and MTTR.

My big challenge as SOC manager is to get a full visibility within the SOC based on these building blocks: People, Process, and Technology. SIEMPLIFY help me to manage the SOC from a management perspective and provide the right tools to get the visibility that we look for and the ability to improve each one of those building blocks. Another thing is the ability to handling easily and professionally the security incidents that we have, start with a deep and built-in knowledge that come with SIEMPLIFY till the dedicated playbooks that handling our security incidents, more than 60% of our incidents fully automated, without involving Tier1 Analysts!

Easy to use UI, ensures that cases all met the relevant SLA.

Very good support from the vendor to ensure that all integration works fine, even if there are no existing integration , the vendor will assist to create it.

Requires additional training to use it effectively, it is not easy to pickup with just one session of training.

Lots of exploration required to fully understand everything and function which will take time.

If you are having issues with SLA, Siemplify will solve it with ease

Reduce work load of security analyst. For low severity cases which requires no effort to analyze can be solved with automation.

Solving SLA problems

As a security engineer, the livelihood of the company and clients that I serve is my responsibility.

Most times I feel as though I either need three of me, or I need a way to work more effectively on my own.

While bringing on additional analyst and engineers isn't always a financial reality, figuring out a way to work more effectively is. This is where automation comes into play, which is where Siemply is a life saver.

The UI is a lot to take in, at first. However, it is a similar learning curve with any new solution you take on. Especially one that takes inherently complicated things and simplifies them into drag and drop GUI elements.

Security and Security Automation help make the lives of those in the InfoSec field easier.

I would recommend this product and its team, to that end.

As outlined above, Siemplify has supplemented our need for additional human capital by making our existing processes more efficient. Siemply can resolve many of our Tier 1 security alert tickets, update the customer, and close the ticket case. It integrates with our existing ticketing system and our SIEM.

The team is simply awesome. They are efficient and assisted us to integrate our in-house application for automation and Orchestration. Web based UI is fast and easy to use.

The learning curve for playbook creation is steep and not able to pick up everything in one training session. Multiple training session are required and practical implementation are required to pick up the skills to create playbook.

Learn Python. Very important Language to automate and orchestrate things.

Looking a solution to reduce the manpower required to run a shift. Using Siemplify, the efficiency of the analyst is improved significantly.

The ability of accepting many different devices products and able to automate to populate the data fields to the respective fields that either is pre-set or user-defined.

The playbook feature may be too complex to implement at the start as it allow many different feature ranging from rules/alerts etc.

NIL

Currently we are using Siemplify to link up different siem monitoring program to create a 1 stop portal for SIEM monitoring. It is easier to maneuver as quality time are saved from toggling different siems interface for 1 incident investigation.

We have seen significant improvements in our day-to-day operations that drive better efficiency, more effective incident response and have improved the organization’s ability to demonstrate compliance and protect the bottom line.

Not a thing. The product is fantastic as well as the group behind the scenes supporting it!

Reduce average time to identify linkage between alerts from seven hours to a few seconds

➢ Consolidated eight user interfaces into one single console

➢ Got rid of five manual, cycle-driven processes through built-in automation

➢ Created high-risk event aggregation while eliminating duplicate data

➢ Prioritized alerts and assigned tasks to maintain a common caseload for each analyst

➢ Introduced data-driven, custom-defined dashboards that met internal executives’ expectations and needs, while meeting auditors’ demands for documenting compliance.

Everyone in the organization seems to be on the same page, always attentive and loves collaboration. Working with Sales, Marketing and development has been smooth, engaging and successful.

At this point i can honestly say there is nothing i dislike about them. They have always done what they said they would, always delivered on time.

Dedicate a team to it, hit all the options in testin, learn python

Bringing Automation of our SIEM platform, We have realized a 95% plus automation of all Tier 1 tickets.

My favorite part about Siemplify are the many integrations we can incorporate into one platform. As a NOC/SOC team, we utilize many vendors and applications that can be challenging to remember where everything is and how it all works. With the integrations as well as playbooks, we can train new hires faster and get them working with our tools comfortably.

While the platform itself has many contributions to our organization, there are times where the Siemplify client does not respond well with the playbooks that we have created. Some examples include: freezing, no data displaying on screen for instructions, and playbooks not closing out on completion.

As previously stated with "What do you like best," we have found that when we have no hires coming into our company, we can train using this tool utilizing the playbooks as everything is laid out. It can be challenging to learn the different platforms that we use, playbooks help eliminate that issue as we can draw out a simple plan that each person should follow in order to reach a resolution on an issue.

Simple and clean interface

Gentle learning curve

Flexibility

Initial difficult integration with the choice of SIEM we were using

Multi-tenancy SOC environment whereby we have issues trying to keep tabs on genuine alerts from multiple customers.

Siemplify helps to relieve redundant workload on analysts and ensure that genuine alerts are being worked on.

The product is having modules that are able to integrate with multiple well known security products. Siemplify is also willing to work with my team to resolve those products that are not supported by them at the moment.

.

Siemplify will still need programming skill to configure the playbook. The support hours does not align to my region and thus the hours for interaction are restricted and might not be able to provide prompt support.

This product should be able to meet every SOC requirements for automation and orchestration.

Faster and consistent response to known alerts that SOC had identified. As the implementation is new and it take time to configure the playbooks, I believe we should be able to fully utilize what SIEMPLIFY is capable over time.

The interface is good and easy to understand and use for daily operations.

The playbook documentation is not detailed enough, Need to configure it by trial and error.

For incident response, and handling events as case. This provide customer with variables needed to justify their security operation performance.

Helps to consolidated add related alerts into the existing tickets to ease the number of ticket required to be created to both customer and analyst.

New runbook need to be configured manually when there are new rules being forwarded to siemplify. Process takes times and testing before it can be transited into operational use.

Automation of tickets and actionable use case. In certain area where we could access to firewall, such orchestration could reduce the amount of lead time to block away malicious traffic.

SIEM made simple with automation and orchestration. Automation helps to automate and standardise the workflow. Orchestration helps to kick-off a set of run books and remediation actions.

I would hope to see more SIEM platforms supported in Siemplify and improve in the out-of-box run books for the end-users to deploy/duplicate/modify/ in their environments.

SIEM made simple with automation and orchestration

To overcome the manpower issues to ,monitor the SIEM console and also hiring cyber security expertise willingly to work 24x7x365.

What I like best about Siemplify is that it can automate the things that an SOC analyst does.

What I dislike about Siemplify is that it is not easy for end users to add custom connectors and integrations.

One of the business problems we are solving with Siemplify is the response time of analysts to actual attacks. We realized that it can also correlate similar alerts into one case which helps with the time to investigate.

I definitely love the versatility of the solution, Siemplify offer a lot of integration via API and the availability of API action in template.

I love how they deliver the creation of playbook as a drag and drop process, this one is definitely a big plus .

Lock of documentation.

Playbook must have a jump back flow to branch where it originated to minimize the creation of duplicate step and minimize the branch line.

I love to see in the future for the application to be a mobile responsive.

I realize that correlating hundreds of event logs/alarms every hour can remediate in a single pane window and it can 100% automated as well

The ability to see important data in a single location. It really does help cut down time spent on incidents overall.

The difficulty to build playbooks and the sometime slow to respond interface. (2.x interface I believe). The UI could use some work.

Your support is your greatest asset. As you grow keep up the personal level of support.

Report generation of incidents.

Incident handling and automation.

Satisfaction of audit requests as they arise.

With Siemplify i can automated my process with a runbook which really help saved lot of my time.

Too much python script needed, most of our team members are in hardware perspective and not really doing well in python script when developing the runbook.

NA

With Siemplify i can automated my process with a runbook which really help saved lot of my time.

Helps to ease the workload for analysts, can develop play books for different alert scenarios

Does not contains out of the box play books as compared to other automation tools

Easy to integrate with SIEM platforms

Helps to automate the SIEM alerts, easing the work for our analysts

The ability to automatically correlates security alerts, identifies and prioritizes incidents, and graphically depicting the complete threat chain.

Unfortunately in an enterprise environment which thrives on Linux solutions, makes this Windows-only application the odd one out

Reduce the noises generate by multiple alerts