We performed a comparison between Elastic Security and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Log aggregation and data connectors are the most valuable features."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Free ingestion for Azure logs (with E5 licence)"
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The UI-based analytics are excellent."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The feature that we have found the most valuable is scalability."
"The most valuable feature for me is Discover."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"It's not very complicated to install Elastic."
"The most valuable feature is the ability to collect authentication information from service providers."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"It's easy to build rules and actions based on the logs and event types we collect with the software."
"The most valuable feature is the reporting."
"The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"The most valuable feature is the ease of use for the end user."
"This tool is simple to use."
"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"I think the number one area of improvement for Sentinel would be the cost."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We'd like to see more connectors."
"The tool should improve its scalability."
"Better integration with third-party APMs would be really good."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"The interface could be more user friendly because it is sometimes hard to deal with."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"The solution's query building is not that intuitive compared to other solutions."
"One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain."
"I would like to have a more customizable dashboard."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."
"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."
"It is a very technical program. They can simplify it so that it isn't so hard to deal with."
More SolarWinds Security Event Manager Pricing and Cost Advice →
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while SolarWinds Security Event Manager is ranked 20th in Security Information and Event Management (SIEM) with 24 reviews. Elastic Security is rated 7.6, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, Wazuh and IBM Security QRadar. See our Elastic Security vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
