We performed a comparison between Elastic Security and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The threat intelligence is excellent."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The most valuable aspect is undoubtedly the exploration capability"
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"Elastic Security is very easy to adapt."
"Elastic is straightforward, easy to integrate, and highly customizable."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"It's open-source and free to use."
"The scalability is good. It can be scaled easily in the production environment."
"The solution is quite stable. The performance has been good."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"I like that it's a cloud-based solution."
"The web interface is great — very useful and user-friendly."
"The UI is very good."
"I rate Rapid7 nine out of 10 for affordability"
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"The price should be adjustable by region."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The tool gives inconsistent answers and crashes a lot."
"Advanced attacks could use an improvement."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"The solution's query building is not that intuitive compared to other solutions."
"We'd like to see some more artificial intelligence capabilities."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"Better integration with third-party APMs would be really good."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"The APIs can be further improved in Rapid7."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"Needs a better ability to customize the check within the console."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Rapid7 InsightIDR is ranked 9th in Security Information and Event Management (SIEM) with 31 reviews. Elastic Security is rated 7.6, while Rapid7 InsightIDR is rated 8.4. The top reviewer of Elastic Security writes "Customizable with great dashboards but the premium support is poor". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and Sumo Logic Security. See our Elastic Security vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.