Elastic Security Valuable Features

Don Jarmon - PeerSpot reviewer
Information Security Manager at Huntsville Utilities

The most valuable features of the solution are flexibility and the ability to incorporate data sources, as it is a very tunable and tweakable tool with the ability to ingest logs from various cloud sources.

Nikhil-Kumar - PeerSpot reviewer
Assistant Manager - IT Security at Photon inc

The dashboards are great.

It's very customizable, which is quite helpful. 

It's mostly stable. 

The solution can scale.

It is a reasonably priced product that is open-source and can be free to use. 

CC
Cyber Security Engineer II at a healthcare company with 10,001+ employees

Elastic Security is very customizable, and the dashboards are very easy to build. It's a very, very, very fast tool. If I click on something on my other SIEM to drill down into that thing, it only drills down a little, but Elastic Security will filter everything that's on the screen.

Buyer's Guide
Elastic Security
April 2024
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,667 professionals have used our research since 2012.
Matthew DeGrandis - PeerSpot reviewer
System Administrator at a financial services firm with 11-50 employees

Elastic Security gives us the ability to look at more than one source of data. For example, if a Windows client is doing something weird, I can grab all the Windows clients, then pivot to the firewall logs. 

I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong.

SA
Consultant at a computer software company with 5,001-10,000 employees

It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast.

Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of the terminals' power, whereas Elastic agents hardly consume any power and don't overload the terminals.

Janis Cimins - PeerSpot reviewer
Information Technology Security Specialist at IPro SIA

The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed. You can also directly install integrations onto those agents. The solution's user interface is good.

. - PeerSpot reviewer
Governance and Compliance Manager at NBS Bank

It works just fine. We haven't had any issues with it. 

It is scalable. 

Technical support has been good.

It is stable. 

The product is fast to set up and very easy to deploy.

HamadaElewa - PeerSpot reviewer
Technical Sales Manager at Spire Solutions

I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users.

KS
Sr Cloud Data Architect at Sun Cloud LLC

Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy.

With Kibana, we can make very beautiful dashboards the way we want. It makes sense for the business.

Sinan ŞENGÖR - PeerSpot reviewer
Solutions Consultant at a tech services company with 5,001-10,000 employees

Its search engine is great, and it is really quick. In the beginning, we wanted to search through terabytes of log data, and after that, we decided to search using the solution.

The initial setup is very easy.

It can scale well. 

It's very stable and reliable. 

We use it as an open-source product and do not have to pay for licensing. 

There is a lot of good documentation online if you need to troubleshoot. Everything is clear and easy to follow. 

MF
Chief Operating Officer / SR. Project Manager at SCS

One of the most valuable features of this solution is that it is more flexible than AlienVault. 

Giuseppe Ragazzini - PeerSpot reviewer
Project Delivery Manager at Spindox

I think that it's a good solution for a SIEM.

Haitham AL-Sarmi - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees

Overall, the solution is good.

The machine learning aspect of the solution has been great.

The deployment is not that complicated.

ELK is open-source, and it will give you the framework you need to build everything from scratch.

SC
AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees

This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK. This product is distributed and scalable which is good for us.

Vikas Dusa - PeerSpot reviewer
Cyber Security Trainer and Programmer at Freelancer

The integration with Siemens Endpoint Security in Elastic Security has been beneficial for security. The provided rules are good, making it easy to create and understand rules. Patterns and detections are made through index patterns, requiring some follow-up steps.

In real-time, the impact of Elastic Security on ransomware is significant. For known and repeated ransomware, it can detect and prevent effectively using established signatures and behavioral patterns. However, for new types of ransomware with less complex behaviors or those that modify files minimally, conventional detection methods may struggle. Elastic Security proves to be effective even in challenging cases.

On the cloud, it allows testing of SaaS-based applications, performance evaluations using CDMs and APIs, incident detection within company network infrastructures, and comprehensive management of security services.

SK
Executive Cybersecurity at a computer software company with 11-50 employees

The interesting thing is about the dashboard. There are available widgets for the dashboards, along with specific features like different types of reports, such as a list of alerts. This helps to remind us which events are happening most often.

We are still evaluating the solution, but the dashboard is something good. And one more thing, it also has anomaly reports. I like that there is a report that is only based on anomaly-related activity.

RI
DevOps Engineer at a tech services company with 51-200 employees

It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically.

CN
Senior DevOps Engineer at a financial services firm with 10,001+ employees

In terms of query resolution, error searching, and finding production issues, we're able to find issues quicker. We don't need to manually obtain the logging reports. All bugs in code are quickly identified in the logs, as they are in one centralized logging location.

IA
Head of Platform Development at Patrianna

Elastic Security is very easy to adapt. 

AM
Intern Cybersecurity at a computer software company with 10,001+ employees

Elastic Security is a highly flexible platform that can be implemented anywhere. 

SoheylNorozi - PeerSpot reviewer
IT Consultant at a tech services company with 51-200 employees

The solution is compatible with the cloud-native environment and they can adapt to it faster. 

PC
Consultant at RIPEN

What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results.

LM
Devops/SRE tech lead at a transportation company with 201-500 employees

The solution has very good logging functionality. 

The aggregation capability is quite useful. 

The solution is quite stable. The performance has been good.

The solution scales well.

The solution has gotten easier to deploy since the 2019 version.

SA
Consultant at a computer software company with 5,001-10,000 employees

The most valuable feature is the speed, as it responds in a very short time. I think that the alerts are generated in less than a minute.

It is very easy to set up and doesn't take much time.

Saad Leghari - PeerSpot reviewer
Lead Enterprise Architect at a tech consulting company with 51-200 employees

The product has huge integration varieties available. 

Tiodor Jovovic - PeerSpot reviewer
Chief Business Officer at Sky Express

I like that there is a knowledge base. There's the possibility for technical people to develop this product and to know much more. However, they do not need additional certifications from the vendor side or to pay a lot of money for their courses and certifications. We don't need to rely on vendors. We can handle the product ourselves. 

It's open-source and free to use.

Sudeera Mudugamuwa - PeerSpot reviewer
Co-Founder at a tech vendor with 51-200 employees

We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it. 

SD
VP Platform Engineering at Hydrogen

Recently I started using some Kibana alerting, which is in the latest versions of Kibana. It's very helpful in general.

You can't beat the price as it is basically free. There are also a lot of features on offer.

We've found the initial setup to be quite straightforward.

The stability is excellent.

it_user782697 - PeerSpot reviewer
Security Operation Center Analyst at Sadad

This is one of the best open-source log management and log analyzer tools in the world.

MU
Lead Security Engineer at a tech services company with 201-500 employees

There is a lot of customizability in Elasticsearch. For example, I can use indices if I want to modify the fields or segregate the logs. I can also use different open-source tools. For example, a tool called ElastAlert can be used for detection on Elasticsearch. Even if you don't have Elastic SIEM, you can still use ElastAlert. Similarly, the APIs they provide are pretty flexible. We use those APIs in our automation to get notified in Slack.

Another good thing about Elasticsearch is that it provides extensive flexibility regarding search. The filters are pretty amazing. You can search for whatever you want.

RJ
Big Data Team Leader at a tech services company with 51-200 employees

The important part is that it's free-of-charge usage. For our use case, it's enough, and it's a good cost because the basic level of the solution is free.

KF
Engineer at a tech services company with 501-1,000 employees

We really like that it integrates into the overall ELK Stack, and we're using that as our theme. We were looking for a product compatible with that. We like the detailed investigation features of the platform as you're able to get a lot of detail as to what's going on on the host when you do investigations. We like the quarantine feature.

We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive. We have a lot of satellite communications, and it's not as intensive since we don't require updates to come down on a regular basis for updated DAT files for hashes. We only have to update quarterly against the new malware model. It's also a lot less impactful from a performance perspective on a machine.

WI
Principal Cyber Security Manager at Ask4key

The most valuable features of the solution are the prevention methods and the incident alerts. 

ER
IT at a tech vendor with 10,001+ employees

All of the features on the solution are useful, since I have the full stack, and therefore I can collect and then visualize. We have the dashboard tutor as well.

The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes.

TV
Manager- Information Security at a tech services company with 51-200 employees

The best feature would be the threat hunting and its AI chat-related queries. It's simple. You can just chat with the system so it can get you the report based on a chat rather than going through a configuration. It's got a built-in artificial solution, a chatbot.

The interface of the solution is good.

SM
Associate Director - Solutions at a comms service provider with 1,001-5,000 employees

I like the indexing of the logs.

GA
Presales Solutions Architect (Cyber Security) at a tech services company with 11-50 employees

The most valuable feature is the scalability. We are in Indonesia, and more engineers understand Elastic Security here, so it is easier to scale and also develop. Feature-wise, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients.

TW
I.T. Manager at a healthcare company with 51-200 employees

We really haven't had any significant SIEM solutions, so it's all new to us, other than a simple up-down solution. Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted.

FB
Technical Team Lead at Quester

The most valuable feature for me is Discover. I have not used all of the features, so I can't say that this will be best for everyone.

MA
Junior System Engineer at Efficom-lille

I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash.

MR
Cloud Engineer at GARR

The most valuable feature is the ability to collect authentication information from service providers.

Mustafa Husny - PeerSpot reviewer
Senior System Engineer at Techline-eg

The most valuable features of Elastic Security are that it is open-source and provides a high level of security.

YS
DevOps Engineer at a computer software company with 1,001-5,000 employees

Elasticsearch Indexing and the Visualize tools of Kibana.

PP
Programmer at a tech services company

Documentation is very good, so implementation is fine.

RG
Senior Full Stack Java Developer at Optimissa Capital Markets Consulting

The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for.

JC
Senior Tech Engineer at a tech services company with 1,001-5,000 employees

The solution is able to handle searches quickly and efficiently. It's much faster than other solutions we've tried. It spends far less time on searches related to capacity and indexing information.

The possibility to stack, locate, and search with your indexing feature at a high rate of speed is its best feature. 

It helps that the solution can work together with the infrastructure agents to get the metrics we need. 

The integration is quite good.

The initial setup is not difficult. It's easy to set up and customize. It's a strong selling point for the solution. 

It's easy to collect the data.

The documentation is big. It's very well documented.

It's working and easy to work with.

The cost is reasonable. It's not overly pricey.

it_user771693 - PeerSpot reviewer
Works at a comms service provider with 51-200 employees

The visualization is very good.

SA
Senior Manager Analytics at a financial services firm with 501-1,000 employees

It's simple and easy to use.

TB
Professional Services Manager at PT Korelasi Persada Indonesia

Elastic is straightforward, easy to integrate, and highly customizable.  

AR
Founder & Chief Executive Officer at a consultancy with 11-50 employees

The feature that we have found the most valuable is scalability. 

it_user1247235 - PeerSpot reviewer
Cyber Security Consultant at a tech services company with 51-200 employees

The best part about this solution is that it is open-source and free to use.

The performance is good and it is faster than IBM QRadar.

JJ
CEO at a tech services company with 51-200 employees

The most valuable feature is the machine learning capability.

SN
Associate Delivery Lead at a tech services company with 1,001-5,000 employees

The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.

ELK Logstash is easy and fast, at least for the initial setup with the out-of-the-box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.

JM
Director of Engineering at a tech services company with 201-500 employees

The most valuable features are the speed, detail, and visualization. It has the latest standards.

In the case of DNS traffic or identification logs, you can actually use it on nondiscrimination laws. It has a good speed in which we can analyze the logs and the net flow.

it_user1071018 - PeerSpot reviewer
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees

The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information based on the attacks within an organization is good. The intelligence bit that it gathers from within itself is really good. It's pretty accurate and gives you good details to create an intelligence report and present that to your C-level management.
