Security Information and Event Management: A MITRE ATT&CK Framework Competitive Evaluation
We tested four SIEM products in this report: Micro Focus ArcSight, Splunk Enterprise Security, IBM QRadar, and Microsoft Sentinel. Micro Focus ArcSight and Splunk Enterprise Security both excelled at detecting and logging our battery of attacks, each scoring 10 out of 10 in the test series. IBM QRadar failed to catch many of the attacks in our tests and fell short of Micro Focus and Splunk in the quality of its results presentation. Finally, we included Microsoft Sentinel in our evaluation; at the time of this testing it was equipped with a pre-release implementation of the MITRE ATT&CK framework. While we provide a hands-on assessment of the Sentinel product in this report, the tool did not produce usable results in our detection tests and was therefore not included in that portion of our evaluation.