We performed a comparison between Elastic Security and Google Chronicle Suite based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The product can integrate with any device."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The connectivity and analytics are great."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The most valuable feature is the ability to collect authentication information from service providers."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"Elastic is straightforward, easy to integrate, and highly customizable."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"It's not very complicated to install Elastic."
"The log folder is fairly simple."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"Google Chronicle Suite provides useful APIs."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The tool's most valuable feature is the search option, allowing easy navigation."
"The support team is responsive."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Sentinel's reporting is complex and can be more user-friendly."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"I would like to see more AI used in processes."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"I would like more ways to manage permissions and restrict access to certain users."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"Sometimes, the solution isn't the easiest to use."
"The interface could be more user friendly because it is sometimes hard to deal with."
"Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The solution's graphical user interface (GUI) should be more user-friendly."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The product's default dashboard feature has a few limitations regarding availability."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"A few areas are difficult to understand for someone who has less experience using the product."
"The configuration is not optimal."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews. Elastic Security is rated 7.6, while Google Chronicle Suite is rated 7.8. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, IBM Security QRadar and Rapid7 InsightIDR. See our Elastic Security vs. Google Chronicle Suite report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
