Graylog Competitors and Alternatives

Get our free report covering Splunk, Elastic, Fortinet, and other competitors of Graylog. Updated: December 2020.
456,719 professionals have used our research since 2012.

Read reviews of Graylog competitors and alternatives

Jordan Mauriello
SVP of Managed Security at Critical Start
MSP
Sep 30, 2020
Having the ability to do real-time analytics drives down attacker dwell time

What is our primary use case?

We use Devo as a SIEM solution for our customers to detect and respond to things happening in their environment. We are a service provider who uses Devo to provide services to our customers. We are integrating from a source solution externally. We don't exclusively work inside of Devo. We kind of work in our source solution, pivoting in and back out.

Pros and Cons

  • "The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, what you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slowly to keep up with the attacker. Devo's speed and performance allow us to query in real time and keep up with what is actually happening on the network, then respond effectively to events."
  • "There is room for improvement in the ability to parse different log types. The breadth of overall log parsers that exists right now is an area that they could improve. Natively, there's more that could be done by Devo than what it can and can't understand from a parsing perspective."

What other advice do I have?

No SIEM deployment is ever going to be easy. You want to attack it in order of priorities for what use cases matter to your business, not just log sources. We are not using the Activeboards as much as some of the things that are probably newer features in the solution, like their SecOps module, which allows us not to have to use as many Activeboards, as there is a lot of prebuilt content. That's very effective for us, and it already exists in there. The Activeboards are easy to understand and flexible. However, we are not using them quite as much as maybe other people are. We are probably…
CharlesNetshivhera
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Real User
Top 5
Dec 9, 2020
It is quite comprehensive and you're able to do a lot of tasks

What is our primary use case?

It is currently deployed as a single instance, but we are currently looking at clusters. We are using it for a logging solution. I'm a developer and act as a server engineer for DevOps Engineers. It's used by developers and mobile developers. It could be used by quite a few different teams.

Pros and Cons

  • "The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
  • "We're using the open-source edition for now. I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."

What other advice do I have?

Do a POC first. They should compare solutions and also look at the different log formats they're trying to ingest. See how it really fits with the use case. This goes for ELK and Graylog. You can trial the enterprise version. In terms of lessons learned, it does need some time and resources. It also needs adequate planning. You need to follow the documentation clearly and properly. I would give this solution 8 out of 10.