We performed a comparison between Graylog Security and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The pricing of the product is excellent."
"Log aggregation and data connectors are the most valuable features."
"We use the solution to collect logs."
"The tool aggregates logs. We can see the logs in one place."
"The most valuable feature is the network security."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"Microsoft Defender XDR is scalable."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Microsoft 365 Defender is simple to upgrade."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I think the number one area of improvement for Sentinel would be the cost."
"There is room for improvement in entity behavior and the integration site."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The troubleshooting has room for improvement."
"The reporting could be more structured."
"Graylog Security needs to incorporate security scorecards."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Advanced attacks could use an improvement."
Graylog Security is ranked 34th in Security Information and Event Management (SIEM) with 2 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 79 reviews. Graylog Security is rated 8.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Graylog Security writes "Helps to collect logs and pricing is cheap". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Graylog Security is most compared with Wazuh, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Intune.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.