• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

Speed up SIEM searches


New Life Form
Every other product I have worked with properly indexes fields and allows for quick searching. Please work on this area. Searches are basically not worth it in the SIEM. We try to avoid it when we can (kind of defeats the purpose of the SIEM to begin with). 

Please consider altering the interface to something more like Splunk, ELSA, ElasticSearch to allow for dymanic query building, selecting of input data, and free form input.

Share post:


  • hey, that´s would be very cool....
    securityonion, wazuh and so on are already on that pitch...
    any news here?

  • or graylog but just as frontend...it´s use as well mongodb 

    i believe it´s the better option because within graylog you have role base right mgmt out of box 
    within elk you have to buy the elk shield...

    let us be realistic..it´s look a little bit better modern as the current version/function in alienvault :) 
  • the database queries have been a complaint for a while now, the HIDS datasource is essentially broken at this point due to how long it takes. i think it was announced that it would be updated in an update but no ETA on release date. also it appears as thought AV is moving away from the appliance and moving towards the cloud platform
  • i can confirm that the queries are not optimal.
    and hopefully they will not forgot the paying customer which prefers the on premise solution!

    any news here?
  • Just putting in the option for SIEM search to put  Last X minutes, or Last X hours would make a huge difference.  Why does the smallest period of time have to be 1 day.   This is a huge reason why I would consider moving to a different SIEM solution.
  • hey OpenEdge,

    I know this is an old thread, but you can set a custom start and end time for SIEM searches by clicking the Advanced Search button on the right of the screen under the current filters.
Sign In or Register to comment.