Elastic SIEM Overview

Elastic SIEM is the #13 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to Splunk.

What is Elastic SIEM?

Elastic SIEM equips security practitioners with easy data ingestion via Beats, shareable analytics based on the Elastic Common Schema (ECS), and the ability to interact with security data using the SIEM app in Kibana. As threats continue to evolve, so too will Elastic SIEM.

Elastic SIEM Buyer's Guide

Download the Elastic SIEM Buyer's Guide including reviews and more. Updated: January 2021

Elastic SIEM Customers
Harel Insurance & Financial, Delhivery, Voxpopme, POSCO, Fairfax Media, EO Media Group, Netshoes, BPCE, MM Karton, KPN, NS1, Ctcue, Forcura, Engadget, Roanoke College, St. Mary's University, Indiana University, E*Trade, Adobe, Cisco

Pricing Advice

What users are saying about Elastic SIEM pricing:
  • "It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
  • "There is no charge for using the open-source version."

Elastic SIEM Reviews

reviewer1341687
Director of Engineering at a tech services company with 201-500 employees
Real User
Top 5
May 18, 2020
Continuously evolving on the security front and it has good speed, detail, and visualization

What is our primary use case?

We want to track and respond to our security incidents. That's the main reason we use it: to analyze and see all the incidents that are happening. We also deploy it for some of our clients.

Pros and Cons

  • "The most valuable features are the speed, detail, and visualization. It has the latest standards."
  • "If you compare this with CrowdStrike or Carbon Black, they can improve."

What other advice do I have?

You have to decide to what level you're trying to go. Is it an SMB or larger enterprise? Because if it is a bigger enterprise there might be a lot of other cybersecurity products that are already installed on their premises. You need to check the compatibility and how it's going to integrate. Make sure it is easy to use and check to see what level you want to track. If there are incidents like unknown IPs and if you look at the logs and find there is no harm in the IPs there will be scrutiny on the endpoints. Consider what kind of team you're going to have and what their ability is to…
reviewer1393731
Consultant at a computer software company with 1,001-5,000 employees
Consultant
Jul 30, 2020
Easy and quick to set up, and the runtime performance is good

What is our primary use case?

This is a log aggregation tool and we are using it for security purposes. There are 145 pre-built use cases, but we are still making some ourselves. One we built is an alarm for log deletion. For example, if a hacker tries to delete the log from a bank machine then it will raise an alarm immediately. A second use case is an alert for too many false login attempts, perhaps indicating a brute-force attack.

Pros and Cons

  • "The most valuable feature is the speed, as it responds in a very short time."
  • "The training that is offered for Elastic is in need of improvement because there is no depth to it."

What other advice do I have?

My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought. I would rate this solution an eight out of ten.
reviewer1269834
I.T. Manager at a healthcare company with 51-200 employees
Real User
Top 5
Oct 5, 2020
Analyses your security data quickly and effectively

What is our primary use case?

We plan to use it to analyze the data that we're pumping into it from Active Directory and from firewalls, then we'll pass that information onto our own external SOC.

Pros and Cons

  • "Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
  • "The biggest challenge has been related to the implementation."

What other advice do I have?

In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect. On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.
reviewer1331592
CEO at a tech services company with 51-200 employees
Real User
Top 10
Apr 29, 2020
Stable, good technical support, and valuable machine learning features

What is our primary use case?

We use Elastic SIEM for security and analytics.

Pros and Cons

  • "The most valuable feature is the machine learning capability."
  • "This solution is very hard to implement."

What other advice do I have?

My advice to anybody who is implementing Elastic SIEM is to understand how the data works first. It is really different from other types of products. Overall, the product is very stable and it is well-liked. I think that everybody should consider using it. I would rate this solution an eight out of ten.
reviewer1247235
Cyber Security Consultant at a tech services company with 51-200 employees
Real User
Top 5 Leaderboard
Apr 29, 2020
A cost-effective solution with good performance

What is our primary use case?

Elastic SIEM is used to monitor and deal with system log files.

Pros and Cons

  • "The performance is good and it is faster than IBM QRadar."
  • "The interface could be more user friendly because it is sometimes hard to deal with."

What other advice do I have?

This solution is complex and cannot be used by just anybody. That said, for people who don't want to buy a product or who want to do everything themselves, I would recommend it. The real problem is that its complexity means that it takes a lot of time to set up and learn to use. There is a lot of configuration and hard work. I would rate this solution an eight out of ten.