Would like to have inputs from everyone - which SIEM tool is cost-effective and quickly understandable from a monitoring perspective?
Splunk is the boss of the SOC 😀
Wow, this question is like opening a can of worms. I say it because often the SIEM solution is not as important as the telemetry you ingest into the SIEM. Of course, an EDR on the endpoint with ATT&CK signatures and good app and network coverage should get any SIEM to do the work.
I personally have worked with Splunk, RSA NetWitness, LogRhythm and McAfee. The one I see often deployed is Splunk (not a SIEM) and McAfee, which seems a commodity, well-rounded SIEM but nothing in the high end.
Throughout my career I have used ArcSight (a bit dated these days) and Splunk. As already said, the SIEM is just the tool; the telemetry ingested is the real deal.
The least cost-effective solution mentioned is Splunk, as the cost is prohibitive for many organisations. Splunk's pricing model is based around the data you need to process; traditional SIEMs do not base the price around the data, but around special features to tackle security monitoring and detection issues. Splunk, as someone said above, is not a solution specifically designed for the security industry, although it seems to be widely adopted, especially in big enterprises, which are the ones that can stand the high costs.