2020-04-28T08:50:45Z

What needs improvement with Elastic SIEM?


Please share with the community what you think needs improvement with Elastic SIEM.

What are its weaknesses? What would you like to see changed in a future version?

Asked by ITCS user (Guest)

66 Answers

Top 5 | Real User

There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app. Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

2021-05-21T09:52:37Z
Top 5 | Real User

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, is very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

2020-10-01T09:58:00Z
Top 5 | Real User

There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke. The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic, then it is really very hard for them to understand the technology.

2020-07-29T07:45:59Z
Top 10 | Real User

The signature security needs improvement. If you compare this with CrowdStrike or Carbon Black, they can improve.

2020-05-18T07:50:00Z
Top 5 | Leaderboard | Real User

The interface could be more user-friendly because it is sometimes hard to deal with. The initial setup could be made easier.

2020-04-28T08:50:48Z
Top 10 | Real User

This solution is very hard to implement. It is not a simple product; rather, it has many features and we need to understand all of them. For example, there is the analytics, the parser, and the visualizer, and setting them all up is a little bit complex. In the next release of this product, I would like to see SOAR automation features, similar to what Splunk Phantom has.

2020-04-28T08:50:45Z