I have used a number of SIEMs including ArcSight, Splunk, and IBM QRadar. I even recently heard of a major company trying to manage their security logs via KIWI Syslog, which is another great product I use, but it has no rules, correlation, Threat Intel or Context to put the content into to create actionable reports and Intelligence to act on as an Incident Responder or anyone on the InfoSec team. LEM makes it possible to not have to hire an army of InfoSec Analysts (and where can they be found, anyway?), and it is so easy to set up and is very intuitive. It also does not require constant fiddling, tuning, open tickets and the joy that is support at most IT companies. If only those in the Gartner "Magic Quadrant"! You are doing yourself and your company a disservice if you don't have a SIEM and don't try a free download of LEM while you are considering your options.
Not only has it saved my bacon but saved my budget tremendously and allowed me to afford bacon. It really is awesome.
I considered IBM QRadar, ArcSight, and Splunk, but they are not really SMB friendly. I didn't say that out loud, did I? I mean they are not geared towards SMBs, unless you consider Wally World or other organizations with tens of thousands of devices to be SMBs.
Life has been great since I rolled out SolarWinds in my environment.
I would sum it up this way: https://youtu.be/swYdKF1MpWg
:-)