Offsec_Community OP t1_iuxpin2 wrote
Reply to comment by ottoe57 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Great question. Some SIEMs are the worst and some are great. I like Splunk a lot because it is easy to use. I think it is something that is needed in an enterprise network. They are as good as you set them up to be. A lot of places just send logs to their SIEM and that's it. They do not tune their logs or anything. You have to spend time making it work correctly. You have to spend the time making worthwhile alerts and dashboards. When we would deploy to a network, the first thing we would do would be to fine-tune our SIEM, making sure the correct logs are going in and not just all the logs.
Long answer short: they are as good as you let them work. Spend the time to tune them and make them work well for your organization.
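The two tuning steps the comment describes, deciding which logs go in and making an alert worthwhile, as an added example that is not part of the original post and not OffSec or Splunk code. It is a small Python model of a SIEM pipeline over constructed Windows Security events: the event IDs (4624 successful logon, 4625 failed logon, 4663 object access, 5156 Filtering Platform connection) are real, but every host, user and IP address is made up, and the "authorized scanner" allowlist is an assumed tuning exception, not something the comment mentions.

```python
"""SIEM tuning in miniature: ship only the logs a detection needs, then tune the
detection so it fires on the attacker and not on the authorized scanner.
Constructed sample data; hypothetical hosts, users and IPs throughout."""
from collections import defaultdict
from datetime import datetime, timedelta


def _ev(ts, event_id, src_ip, user):
    """Build one constructed Windows Security event."""
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "src_ip": src_ip, "user": user}


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    # Authorized vulnerability scanner (assumed): six failures across accounts, then a success.
    *[_ev(f"2024-05-01T09:00:{i:02d}", 4625, "10.0.0.50", f"user{i}") for i in range(6)],
    _ev("2024-05-01T09:00:30", 4624, "10.0.0.50", "svc_scanner"),
    # External source: six failures against one account, then a success for that account.
    *[_ev(f"2024-05-01T09:05:{i:02d}", 4625, "203.0.113.7", "jdoe") for i in range(6)],
    _ev("2024-05-01T09:05:45", 4624, "203.0.113.7", "jdoe"),
    # Ordinary admin: two typos, then success; must not alert.
    _ev("2024-05-01T09:10:00", 4625, "10.0.0.20", "admin"),
    _ev("2024-05-01T09:10:05", 4625, "10.0.0.20", "admin"),
    _ev("2024-05-01T09:10:10", 4624, "10.0.0.20", "admin"),
    # Volume noise that no detection here consumes: 5156 (firewall permit), 4663 (object access).
    *[_ev(f"2024-05-01T09:00:{i:02d}", 5156, "10.0.0.20", "-") for i in range(20)],
    *[_ev(f"2024-05-01T09:01:{i:02d}", 4663, "10.0.0.20", "admin") for i in range(10)],
]

# "The correct logs, not all the logs": the event IDs our detections actually use.
KEEP_EVENT_IDS = frozenset({4624, 4625})


def ingest_filter(events, keep_ids=KEEP_EVENT_IDS):
    """Forwarder-side filter: drop events no alert or dashboard consumes."""
    return [e for e in events if e["event_id"] in keep_ids]


def failed_logons_then_success(events, threshold=5, window=timedelta(minutes=10),
                               known_scanners=frozenset()):
    """Alert when a source has >= threshold failed logons within `window` and then
    logs on successfully. `known_scanners` is the tuning exception: an authorized
    credentialed scanner produces exactly this pattern and would page someone every run."""
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent 4625 events
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["src_ip"] in known_scanners:
            continue
        if e["event_id"] == 4625:
            failures[e["src_ip"]].append(e["ts"])
        elif e["event_id"] == 4624:
            recent = [t for t in failures[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src_ip": e["src_ip"], "user": e["user"],
                               "failures": len(recent), "ts": e["ts"]})
            failures[e["src_ip"]].clear()  # a success ends the streak either way
    return alerts


def run():
    """Untuned vs. tuned pipeline over the constructed sample; returns both alert lists."""
    kept = ingest_filter(SAMPLE_EVENTS)
    untuned = failed_logons_then_success(kept)
    tuned = failed_logons_then_success(kept, known_scanners=frozenset({"10.0.0.50"}))
    return kept, untuned, tuned


if __name__ == "__main__":
    kept, untuned, tuned = run()
    print(f"ingested {len(kept)} of {len(SAMPLE_EVENTS)} events")
    print("untuned alerts:", [(a['src_ip'], a['user']) for a in untuned])
    print("tuned alerts:  ", [(a['src_ip'], a['user']) for a in tuned])
```

Untuned, the rule fires twice (scanner and attacker); with the scanner exception it fires once, on 203.0.113.7 logging in as jdoe after six failures. The caveat a practitioner would add: an IP allowlist also hides an attacker who pivots through the scanner host, so a better exception keys on the scanner's service account or pairs the allowlist with a separate "scanner logging on as someone other than svc_scanner" rule.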