Elastic SIEM Review

Stable, good technical support, and valuable machine learning features

What is our primary use case?

We use Elastic SIEM for security and analytics.

What is most valuable?

The most valuable feature is the machine learning capability.

What needs improvement?

This solution is very hard to implement. It is not a simple product; rather, it has many features, and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex.

In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

For how long have I used the solution?

We are conducting a PoC with Elastic SIEM and I have about two months of experience with it.

What do I think about the stability of the solution?

The deployment is stable, although they are evolving very fast. They frequently update everything.

We are using Elastic SIEM on a daily basis, even during holidays.

What do I think about the scalability of the solution?

I would say that it is scalable.

How are customer service and technical support?

The technical support is good.

How was the initial setup?

The initial setup is quite complex. Starting from the point where we were collecting the data, the deployment probably took about a month. However, simply installing the applications only takes a few days.

What about the implementation team?

We have an engineer in the company who handled the deployment. So far, things have been good.

What other advice do I have?

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products.

Overall, the product is very stable and it is well-liked. I think that everybody should consider using it.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner