We performed a comparison between Google Chronicle Suite and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"The support team is responsive."
"The tool's most valuable feature is the search option, allowing easy navigation."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"Google Chronicle Suite provides useful APIs."
"The log folder is fairly simple."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward, and the GUI is good."
"We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"Technical support is always great."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Sentinel's reporting is complex and can be more user-friendly."
"The troubleshooting has room for improvement."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The solution's graphical user interface (GUI) should be more user-friendly."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"A few areas are difficult to understand for someone who has less experience using the product."
"The product's default dashboard feature has a few limitations regarding availability."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The configuration is not optimal."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The initial setup is the most stressful, like learning how to use it."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
"The solution should improve its UI."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"The integration with multiple sources could be better."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Sumo Logic Security is ranked 17th in Security Information and Event Management (SIEM) with 18 reviews. Google Chronicle Suite is rated 7.8, while Sumo Logic Security is rated 8.6. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, IBM Security QRadar and Stellar Cyber Open XDR, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and IBM Security QRadar. See our Google Chronicle Suite vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.