Elastic SIEM Review

Analyses your security data quickly and effectively

What is our primary use case?

We plan to use it to analyze the data that we're pumping into it from Active Directory and from firewalls, then we'll pass that information onto our own external SOC.

What is most valuable?

We really haven't had any significant SIEM solutions, so it's all new to us, other than a simple up-down solution. Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted.

What needs improvement?

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, it's very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

For how long have I used the solution?

We've been trying to implement it and get it up and going for a good three to four months now.

What do I think about the stability of the solution?

Elastic SIEM is pretty stable. I did have a problem during one of the upgrades, but customer support was able to resolve it for me quickly. Other than that, it's been very reliable and stable.

How are customer service and technical support?

The customer service is great; not a whole lot of back-and-forth going on.

How was the initial setup?

The initial setup was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost.

What other advice do I have?

In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect.

On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Elastic SIEM reviews from users
...who compared it with Splunk
Add a Comment