it_user771693 - PeerSpot reviewer
Works at a comms service provider with 51-200 employees
Real User
Good visualization, but more automation is needed
Pros and Cons
  • "The visualization is very good."
  • "There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."

What is our primary use case?

We are a service provider, and use this solution to work with our customers.

We use this solution for collecting firewall logs and then supplying them to the log analyzer.

We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.

How has it helped my organization?

This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.

What is most valuable?

The visualization is very good.

What needs improvement?

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

Buyer's Guide
Elastic Security
April 2024
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,334 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability of this solution is fine.

What do I think about the scalability of the solution?

This solution is scalable.

We have approximately two hundred users and we do not plan to increase usage at this time.

How are customer service and support?

We have not contacted technical support for this solution.

Which solution did I use previously and why did I switch?

We have used other SIEM solutions in our company.

How was the initial setup?

One week is enough for the deployment.

What about the implementation team?

We performed the integration ourselves.

What's my experience with pricing, setup cost, and licensing?

We are using the free, open-source version of this solution.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

We are interested in learning more about plugins for specific firewalls or other products.

The only problem with this solution is the development part, where we have to do it manually.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Manager Analytics at a financial services firm with 501-1,000 employees
Real User
A simple and easy-to-use solution for IT monitoring and anomaly detection
Pros and Cons
  • "It's simple and easy to use."
  • "This solution cannot do predictive maintenance, so we have to build our own modules for doing it."

What is our primary use case?

The primary use case of this solution is for IT monitoring, predictive maintenance, and anomaly detection.

What is most valuable?

It's simple and easy to use.

What needs improvement?

This solution cannot do predictive maintenance, so we have to build our own modules for doing it.

It doesn't do advanced analytics. They should have some advanced analytics in this solution.

With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use.

Also, they should start providing APIs for doing ML and AI.

For how long have I used the solution?

I have been using this solution for two months.

What do I think about the stability of the solution?

This solution is stable and so far, we have had no issues.

What do I think about the scalability of the solution?

The scalability is very good. We are running it on an eight-node machine so far, and with eight nodes we have had no issues.

How are customer service and technical support?

We haven't contacted support. They do have the support and we have spoken with them over email. We might need their assistance next month.

What other advice do I have?

Anyone who wants to do real-time IT log monitoring and anomaly detection should go with this solution.

So far from what we have seen, I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Professional Services Manager at PT Korelasi Persada Indonesia
Real User
Top 10
It's easy to integrate and highly customizable
Pros and Cons
  • "Elastic is straightforward, easy to integrate, and highly customizable."
  • "The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side."

What is most valuable?

Elastic is straightforward, easy to integrate, and highly customizable.  

What needs improvement?

The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also like to see more detection features on the SIEM side.

What do I think about the scalability of the solution?

Elastic is easily scalable.

How are customer service and support?

Elastic support is good.

How was the initial setup?

Elastic's initial setup is quite straightforward. 

What's my experience with pricing, setup cost, and licensing?

Elastic is still priced far less than other commercial products. 

What other advice do I have?

I rate Elastic SIEM eight out of 10. Elastic is easy, lightweight, and highly scalable, but you need to be skilled at scripting to use it. If you're going to use the product, you need to ensure your engineers have the scripting ability. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Founder & Chief Executive Officer at a consultancy with 11-50 employees
Real User
Has good scalability and is consistently stable
Pros and Cons
  • "The feature that we have found the most valuable is scalability."
  • "The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. They could at least give a simple authentication system for use within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature controlling who accesses it should be there."

What is our primary use case?

We are using ELK Logstash for application log management and fault detection.

What is most valuable?

The feature that we have found the most valuable is scalability. 

What needs improvement?

The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. 

The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. They could at least give a simple authentication system for use within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature controlling who accesses it should be there.

For how long have I used the solution?

We have been using ELK Logstash for nearly three years.

What do I think about the stability of the solution?

It's quite stable. We have not seen it going down at all for the last three years. It's working well consistently.

What do I think about the scalability of the solution?

Scalability is very good. 

How are customer service and technical support?

We have not used technical support at all, so we have been supporting ourselves. We are using the open-source edition, and we are supporting ourselves.

How was the initial setup?

The initial setup was very straightforward for us because we are a software development company. We understand how to compile the source code. We can compile the source code, and we can deploy it. It was pretty straightforward for us.

What other advice do I have?

You should know this solution pretty well. You need to be clear beforehand for what you are going to use this product. This is not something that you can use generally for anything and everything. You should be really clear in terms of your requirements.

I would rate ELK Logstash a nine out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
A cost-effective solution with good performance
Pros and Cons
  • "The performance is good and it is faster than IBM QRadar."
  • "The interface could be more user friendly because it is sometimes hard to deal with."

What is our primary use case?

Elastic SIEM is used to monitor and deal with system log files.

What is most valuable?

The best part about this solution is that it is open-source and free to use.

The performance is good and it is faster than IBM QRadar.

What needs improvement?

The interface could be more user friendly because it is sometimes hard to deal with.

The initial setup can be made easier.

For how long have I used the solution?

I have been using Elastic SIEM for six months.

What do I think about the stability of the solution?

I am satisfied with the stability of Elastic SIEM.

How are customer service and technical support?

There is no technical support for the open-source, free version.

Which solution did I use previously and why did I switch?

I have used other SIEM solutions but this one is open-source, unlike some of the others.

It is also faster than IBM QRadar.

How was the initial setup?

The initial setup is complex and it is not easy to deploy.

It is also possible to have a cloud-based deployment.

What's my experience with pricing, setup cost, and licensing?

There is no charge for using the open-source version.

What other advice do I have?

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CEO at a tech services company with 51-200 employees
Real User
Stable, good technical support, and valuable machine learning features
Pros and Cons
  • "The most valuable feature is the machine learning capability."
  • "This solution is very hard to implement."

What is our primary use case?

We use Elastic SIEM for security and analytics.

What is most valuable?

The most valuable feature is the machine learning capability.

What needs improvement?

This solution is very hard to implement. It is not a simple product but rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex.

In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

For how long have I used the solution?

We are conducting a PoC with Elastic SIEM and I have about two months of experience with it.

What do I think about the stability of the solution?

The deployment is stable, although they are evolving very fast. They frequently update everything.

We are using Elastic SIEM on a daily basis, even during holidays.

What do I think about the scalability of the solution?

I would say that it is scalable.

How are customer service and technical support?

The technical support is good.

How was the initial setup?

The initial setup is quite complex. Starting from the point where we were collecting the data, the deployment probably took about a month. However, simply installing the applications only takes a few days.

What about the implementation team?

We have an engineer in the company who handled the deployment. So far, things have been good.

What other advice do I have?

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products.

Overall, the product is very stable and it is well-liked. I think that everybody should consider using it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
DevOps Manager at a tech services company with 11-50 employees
Real User
Lacking user interface, not stable, but free to use
Pros and Cons
  • "The solution does not have a UI and this is one of the reasons we are looking for another solution."

What needs improvement?

The solution does not have a UI and this is one of the reasons we are looking for another solution.

When setting up some of the pipelines we are receiving different types of log messages with different patterns. When I try to force a certain pattern I need to restart the solution, which causes a huge inconvenience for us.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

The solution is not stable.

What do I think about the scalability of the solution?

We have approximately 15 users using the solution in my organization.

How was the initial setup?

When doing the installation, the ELK is working well but sometimes when we search for specific words there is no longer any inception throughout. This issue has been difficult to debug or fix.

The index is very important when using this solution. We encountered a couple of issues when we set up the wrong index; it caused everything to go down. That means if we set up something incorrectly with the index, the solution will be down and we do not know why.

What's my experience with pricing, setup cost, and licensing?

The solution is free.

Which other solutions did I evaluate?

We are currently evaluating other solutions to replace this one, such as Datadog and New Relic. Datadog has a UI that this solution is lacking.

What other advice do I have?

I would not recommend this solution.

I rate ELK Logstash a five out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
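As an added worked example (not code from any of the reviews above, and not Elastic's own code), the following Python script addresses two complaints that recur on this page: the first reviewer's need to bring FortiGate syslog in by hand, and this reviewer's problem that forcing one pattern onto mixed log shapes requires a restart, plus the outage caused by a wrong index. It keeps an ordered table of patterns that can be extended at runtime, tags lines that match nothing instead of failing, and validates the derived index name against Elasticsearch's naming rules before anything would be sent. The FortiGate line format, the ECS-style field names, the FortiGate-to-ECS mapping and the sample log lines are assumptions constructed for the example.

```python
"""Added example (not code from the reviews or from Elastic): a multi-pattern
syslog parser plus an index-name guard, with constructed sample log lines."""
import json
import re
from datetime import date

# One key=value pair; FortiGate quotes values that may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Ordered pattern table. The parser tries each entry in turn, so a new log
# shape is handled by adding an entry, not by forcing one pattern onto all
# lines. Group names are shared across entries (pri, host, tag, pid, msg, kv).
PATTERNS = [
    # FortiGate default syslog format (assumed here): <PRI>date=... time=... k=v ...
    ("fortigate", re.compile(
        r'^<(?P<pri>\d{1,3})>(?P<kv>date=\d{4}-\d\d-\d\d time=\d\d:\d\d:\d\d .+)$')),
    # RFC 3164 BSD syslog: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
    ("syslog", re.compile(
        r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) '
        r'(?P<host>\S+) (?P<tag>[\w./-]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$')),
]

# FortiGate field -> ECS-style field (assumed mapping, deliberately short).
KV_TO_ECS = (("srcip", "source.ip"), ("dstip", "destination.ip"),
             ("action", "event.action"), ("devname", "observer.name"))

# Characters Elasticsearch rejects in an index name.
FORBIDDEN = set('\\/*?"<>| ,#:')

# Constructed sample input (not real traffic).
SAMPLE_LINES = [
    '<189>date=2024-03-01 time=10:15:42 devname="fgt-edge" devid="FG100E0000000001" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.1.2.3 srcport=51234 dstip=203.0.113.7 dstport=22 proto=6 action="deny" policyid=0',
    '<38>Mar  1 10:15:43 bastion sshd[4211]: Failed password for invalid user admin '
    'from 198.51.100.9 port 50412 ssh2',
    'garbage line without a priority header',
]


def register_pattern(dataset: str, regex: str) -> None:
    """Hot-add a log shape ahead of the existing ones; no process restart needed."""
    PATTERNS.insert(0, (dataset, re.compile(regex)))


def parse_line(line: str) -> dict:
    """Return an ECS-style event; unmatched lines are tagged, never dropped or fatal."""
    for dataset, rx in PATTERNS:
        m = rx.match(line)
        if m is None:
            continue
        g = m.groupdict()
        event = {"event.dataset": dataset, "message": g.get("msg") or line, "tags": []}
        if g.get("pri"):
            pri = int(g["pri"])
            event["log.syslog.facility.code"] = pri // 8   # RFC 3164: PRI = facility*8 + severity
            event["log.syslog.severity.code"] = pri % 8
        if g.get("host"):
            event["host.name"] = g["host"]
        if g.get("tag"):
            event["process.name"] = g["tag"]
        if g.get("pid"):
            event["process.pid"] = int(g["pid"])
        if g.get("kv"):
            fields = {k: v.strip('"') for k, v in KV_RE.findall(g["kv"])}
            event["fortinet"] = fields
            event["event.dataset"] = f"{dataset}.{fields.get('type', 'unknown')}"
            for src, dst in KV_TO_ECS:
                if src in fields:
                    event[dst] = fields[src]
        return event
    return {"event.dataset": "unparsed", "message": line, "tags": ["_parsefailure"]}


def validate_index_name(name: str) -> str:
    """Raise ValueError here instead of letting a bad index name reach the cluster."""
    if not name or name in (".", ".."):
        raise ValueError(f"invalid index name {name!r}")
    if name != name.lower():
        raise ValueError(f"index name must be lowercase: {name!r}")
    if name[0] in "-_+":
        raise ValueError(f"index name must not start with -, _ or +: {name!r}")
    bad = FORBIDDEN.intersection(name)
    if bad:
        raise ValueError(f"forbidden characters {sorted(bad)} in {name!r}")
    if len(name.encode("utf-8")) > 255:
        raise ValueError("index name longer than 255 bytes")
    return name


def index_for(event: dict, day: date) -> str:
    """Derive a daily index from the dataset, sanitised and then validated."""
    dataset = re.sub(r"[^a-z0-9._-]", "_", event["event.dataset"].lower())
    return validate_index_name(f"logs-{dataset}-{day:%Y.%m.%d}")


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        ev = parse_line(raw)
        print(index_for(ev, date(2024, 3, 1)), json.dumps(ev, sort_keys=True))
```

Run it directly to print each sample event with the index it would be written to. In a Logstash deployment the same structure maps onto a `kv` filter for the FortiGate lines, a `grok` filter with several `match` patterns for the rest, and a conditional on the `_grokparsefailure` tag that routes unparsed lines to their own index rather than dropping them; the index-name check has no built-in Logstash equivalent, so keep the `index =>` setting to lowercase literals plus a date pattern.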
Associate Delivery Lead at a tech services company with 1,001-5,000 employees
Real User
Fast, easy and offers easy infrastructure monitoring abilities
Pros and Cons
  • "ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses."
  • "In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts."

What is our primary use case?

The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.

We are evaluating it for business analytics as well.

What is most valuable?

The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.

ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.

What needs improvement?

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.

I would say that to have a better place in the market they should have more built-in use cases so that, rather than people creating them, the primary uses had built-in use cases. It could even include more templates or automation.

For how long have I used the solution?

I have been using this solution for almost 10 to 11 months.

What do I think about the stability of the solution?

In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.

What do I think about the scalability of the solution?

In terms of assessing its scalability, we have not gone with a very huge amount of data yet so it is early to comment on that. We started with a three-node architecture and I think slowly we'll scale up.

It is suitable for small to large businesses. We have started small but we plan to scale it up.

Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.

How are customer service and technical support?

We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.

Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.

How was the initial setup?

We have done both setups, on-premise as well as on AWS.

The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.

I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.

The installation of full-frame solutions is quite smooth.

What about the implementation team?

We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.

If you have a basically knowledgeable person, even without a lot of experience, as we had on our team, people with only two months' experience, they have been able to do it quite well in a day or two.

Which other solutions did I evaluate?

Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.

What other advice do I have?

Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.

In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user