Elastic SIEM Competitors and Alternatives

Get our free report covering Splunk, Fortinet, AT&T, and other competitors of Elastic SIEM. Updated: July 2020.
431,468 professionals have used our research since 2012.

Read reviews of Elastic SIEM competitors and alternatives

Real User
CEO at a tech services company with 51-200 employees
Apr 29 2020

What is most valuable?

The most valuable feature is the machine learning capability.

What needs improvement?

This solution is very hard to implement. It is not a simple product; rather, it has many features and we need to understand all of them. For example, there are the analytics, the parser, and the visualizer, and setting them all up is a little bit complex. In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

What other advice do I have?

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products. Overall, the product is very stable and it is well-liked. I think that everybody should consider using it. I would rate this solution an eight out of ten.

Real User
Cyber Security Consultant at a tech services company with 51-200 employees
Apr 29 2020

What is most valuable?

The best part about this solution is that it is open-source and free to use. The performance is good and it is faster than IBM QRadar.

What needs improvement?

The interface could be more user-friendly because it is sometimes hard to deal with. The initial setup can be made easier.

What's my experience with pricing, setup cost, and licensing?

There is no charge for using the open-source version.

Which solution did I use previously and why did I switch?

I have used other SIEM solutions but this one is open-source, unlike some of the others. It is also faster than IBM QRadar.

What other advice do I have?

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a…

Consultant
Consultant at a computer software company with 1,001-5,000 employees
Jul 30 2020

What is most valuable?

The most valuable feature is the speed, as it responds in a very short time. I think that the alerts are generated in less than a minute. It is very easy to set up and doesn't take much time.

What needs improvement?

There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to…

What other advice do I have?

My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought. I would rate this solution an eight out…

Which other solutions did I evaluate?

I have personally worked with Splunk in the past, but here at this company, they only use Elastic. I believe that one of the major differences between these two is the pricing model. With Splunk, it depends on how much data we are ingesting. For us, it is approximately 500 GB per day. Elastic has a…