Easy to set up with a helpful community and a good dashboard tutor
What is our primary use case?
We primarily use the solution to have a correlation on all the Windows event logs. We use it more for forensic purposes now. We are looking for something which will be a more proactive product for us and be able to detect any threats and take automatic action.
Pros and Cons
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before they can damage our infrastructure. Currently, this solution doesn't offer that."
What other advice do I have?
We're ELK customers. Mostly I'm a specialist on the infrastructure of the solution. The solution is perfect as long as you are using it for forensics. In terms of threat detection, it could be better. There could be another product that is more appropriate for that aspect. I'd rate the solution eight out of ten.