Elasticsearch is an enterprise search tool from Elastic in Mountain View, California.
$16
per month
Microsoft Sentinel
Score 8.6 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
Elasticsearch has a steep learning curve, but it is the best in terms of customization and use cases it can cover most of the business needs. The other tools might be easier to integrate with and start seeing results, but you will end up having issues when you need customized …
Elasticsearch is relatedly cheaper the splunk. Opensearch is good and we migrated some data into it but the critical data stays in elasticsearch as it has formal support.
They all have their specific pros and cons. Elastic was actually initially brought in to provide less expensive functionality to Splunk, and Splunk use cases. Grafana was brought in to provide less expensive visualizations compared to Splunk and Elastic...I would recommend …
Elasticsearch is the most well-known and supported free data platform that we identified. We are taking advantage of community knowledge and practices. In terms of flexibility and breadth of use cases no other competitor came close to Elasticsearch. We've tried Solr in the past …
Elasticsearch brings the capacity to grow data ingest and provides 24/7 visibility into critical services across IT and Business teams. With Elasticsarch, specialized support teams can easily view all the relevant information by using real-time dashboards, and can immediately …
Elasticsearch and Solr are both based on Lucene, but the user community for Elasticsearch is much stronger, and setting up a cluster is easier. Splunk is very well suited for Log indexing and searching but is not nearly as flexible as Elasticsearch. Couchbase is a great NoSQL …
Search and analytics capabilities of Elasticsearch are superior to its competitors. Being open source, it is a cheaper and faster solution than other competitors. Installation is straightforward and it can be potentially deployed anywhere and everywhere! There is no need for …
Faster, better, more efficient. There was no comparison in Elasticsearch vs LEM. AlienVault was decent but too expensive for what it does compared to Elastic. The only competitor I'd consider as in the same ballpark in the SIEM world is Splunk. Save yourself the money and get a …
I think Elasticseach works less great compared to Splunk. Mainly the way the Splunk search head works is vastly superior to the way the Elasticsearch query language works. Furthermore, the Splunk architecture is in my opinion easier to roll out and scale-up. Splunk also has a …
Elasticsearch is very well packed in a broad set of features, ranging from customization capabilities to security and add-ons, and also comes with a great visualization tool named Kibana. Most of the competitors are strong in some of these areas, but I know of no other that's …
Almost no one uses Solr anymore--most have migrated to Elasticsearch. I've never tried it myself but I heard Solr is much more difficult to configure and because it doesn't use a REST API, it locks you into Java and XML. XML--ick! Lucene: Elasticsearch is built using Lucene …
From my perspective, there is nothing currently on the marker better than Datadog, but unfortunately, that's a pricey product, Elasticsearch deliver us part of Datadog functionalities being cheaper. Fluentd as a service (provided by the company behind Fluentd) looks like a …
Previously, we used Microsoft SQL Server's full-text search. Elasticsearch is faster and that includes searching and indexing and re-indexing the catalog of products.
With Elasticsearch you can integrate a lot of data sources. It can act as a small DataLake where you can put different kinds of data and extract important insights. With Splunk, additional to elevated costs of licensing and hardware, you need to have expert engineers to address …
All database systems have things they are good at, and things they aren't as good at. Riak/SOLR is great as a K/V store, but SOLR cannot handle requests as fast as ElasticSearch. In fact, SOLR is the reason we had to migrate to ElasticSearch. Redis is great at SET operations …
ES does not compete with the above packages but compliments them. By automating and mining logs, you are able to get a sense of the business process, marketing data or whatever else you need to capture and mine. The potential energy stored within Elasticsearch makes it a great …
Elasticsearch is the most powerful and easy to use platform in this market. It's open source which makes enhancements very possible and also makes customization something that is commonplace. We're able to create custom modules to pull data from both log and config files, which …
As far as we are concerned, Elasticsearch is the gold standard and we have barely evaluated any alternatives. You could consider it an alternative to a relational or NoSQL database, so in cases where those suffice, you don't need Elasticsearch. But if you want powerful …
When we first evaluated Elasticsearch, we compared it with alternatives like traditional RDBMS products (Postgres, MySQL) as well as other noSQL solutions like Cassandra & MongoDB. For our use case, Elasticsearch delivered on two fronts. First, we got a world-class search …
We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. …
Well, primarily we use different stuff like CrowdStrike. We use different sign-on features. We primarily use those different products because we support a wider ecosystem.
Splunk, Google, SecOps. I look at how it stacks up based on the fact that it's the primary solution that we sell. So I think it stacks up really well. Why do we select it? Well, we selected it primarily because we're a very large Microsoft partner. The technology is very good …
Well before there was Microsoft Sentinel, you had other competing products like ArcSight or Splunk, et cetera. I think they have their own qualities, but the Microsoft integration story is really why we're using it.
We use intune to protect endpoints and we pull logs from all the endpoints through the intune connector into the Microsoft Sentinel SIEM and that way we can run rules on those logs to find anomalies.
Elastic seems to have a much better interface for log search and is able to filter out noise. Microsoft Sentinel also appears to generate a lot of false positives.
Elastic is some carbon for various use cases. So because Elastic is a very, very wrong history in the market. So Sentinel is very recent for products from my understanding.
Prior to using Sentinel, we were using Splunk specifically Splunk Enterprise Security and Splunk Cloud, so their on-prem and their cloud-based products. We switched originally for cost reasons, specifically cost control, but I have found that the ability to create reports, the …
Based on the overall infrastructure configuration that we have and also after analysing various solutions provided by Microsoft Sentinel, we came to a conclusion that the Microsoft Sentinel is the best option for us to help us in overall threat detection on our custom servers, …
I use most of the Sims that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate …
As mentioned, the product was part of the purchase of several Microsoft Suites that we did earlier last year and with 200 licenses included, we can exclude those from the other SIEM and SOAR product, it just work well with the Microsoft's environment that we partially have Is …
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. …
ArcSight is an on-prem solution that has a different approach than Sentinel.
In a basis this product is more complex to maintain and deploy. The query functionality in Sentinel is more powerful and easier to maintain. ArcSight has a much slower performance and an interface that …
We don't need to maintain a third-party SaaS solution or spend any time integrating it since Microsoft Sentinel is the ideal option to give a single point of attack detection and alert monitoring.
Microsoft Sentinel really goes the extra mile when it comes to an SIEM that slowly improves toward a proper SOAR, this may be the best selling point of the entire solution. Highly scalable, cloud-based, and nearly perfect when dealing with Microsoft-based infrastructures, …
Most of those have been out in the industry for a longer time, so they have a lot more user friendliness to them. So I'd say it's in the mix. It's just not as high as it should be or I would expect it to be.
Previous to Azure Sentinel, we were using the McAfee SIM and it just wasn't keeping up with the times and that was the choice of moving to Azure Sentinel.
Elasticsearch is really well suited for searching text (Natural Language Processing) and you can fine tune the searches and scoring very well. I like the ability to find Significant Terms in the Index, where you can find aggregations that are really relevant to a specific search. It also allows for queries to lead to new queries via aggregations which is great for navigating your data. It is less suited to doing more complex aggregations where slices of data are required to be processing using guassian normalizations. And doing searches which join different documents is very very hard, and requires serious thought on how to denormalize data.
We use it because when a user sees the suspicious activity on his account, Microsoft Sentinel gives alerts to the user's system and the admin system as well. When a user of one of our systems clicked a spam email, that email was trying to install a virus on our server, but Microsoft Sentinel gave an alert to the user and admin both, so that is why our team was able to fix that issue with Microsoft Sentinel very fast. However, it will not be the best option for you if your team is utilizing every feature but you are on a tight budget.
It is a good tool for threat detection and analysis of the threats. We are using this tool for real time threat detection on our employee machines as well as some servers.
It provides various options for collecting data sources by leveraging multiple sources using data connectors. This helps us in gathering data from multiple sources such as our servers as well as our employee machines.
One good thing about this tool is automated incident response thereby increasing the security of servers.
Setting Java memory thresholds can be a pain for those not accustomed to things like Eden Space & Old Generation which can lead to over allocation, or more likely, under allocation. Apache Solr had a similar issue. It would be nice if the program would take an extra step and dogfood it's own advice by analyzing the system & processes to return a solid recommendation for that configuration. The proper configuration information is outlined in the documentation, it would be nice if that was automated.
The only health check that ElasticSearch reports back is a "red" status without any real solid information about what is going on, though its usually memory thresholds or disk I/O. I am currently on ElasticSearch 1.5 so that may have changed for newer versions. When the status goes "red", I as the administrator of the software, feel like I lose control of whats going on which should rarely happen. Something more verbose would eliminate that.
This is more of a critique of the ElasticStack in general. The whole top to bottom stack is starting to get feature creep with things that are better suited in other software and increasing the barrier for entry for people to get started with setting up a robust logging infrastructure. ElasticSearch as a storage search engine, is pretty streamlined, but I can see that the tools that comprise the ELK Stack are going to require a certification with constant study at some point. During major release for Logstash a while back, it literally took a month to learn a new language because Elastic completely changed the syntax. For a medium sized organization of only a couple of admins, that is a pretty high bar where time is money. They really should work on refining/automating the tools & search engine they have, instead of shoehorning/changing things on to an already rock solid foundation.
It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.
To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching. If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
We've only used it as an opensource tooling. We did not purchase any additional support to roll out the elasticsearch software. When rolling out the application on our platform we've used the documentation which was available online. During our test phases we did not experience any bugs or issues so we did not rely on support at all.
Elasticsearch is the most well-known and supported free data platform that we identified. We are taking advantage of community knowledge and practices. In terms of flexibility and breadth of use cases no other competitor came close to Elasticsearch. We've tried Solr in the past be we encountered issues which were deal-breaking for us. MongoDB - it just did not pass our evaluation parameters as a main data platform. We still use it for smaller purposes, though.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
I am not in finance and I suspect even if I was this would be hard to measure. But for sure, Elasticsearch has enabled us to have the most flexible data model in the industry for our customer's data, and in doing so we have attracted many many technical customers and got much of their $$$.
One problem with Elasticsearch is that because it runs on the JVM, there can be some stop-the-world JVM garbage collections happening that can take down nodes and reduce indexing speed. The solution for that tends to be "let's just upgrade the CPU on that machine". And before you know it you are paying $$$ because this'll happen with 40+ machines.
On the other hand, I do think that ES is more efficient than other systems and so it requires fewer nodes to keep it highly tolerant and available, so we probably saved some money that way.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.