We performed a comparison between Elastic Security and Snare based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The initial setup is very simple and straightforward."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"Enables monitoring of application performance and the ability to predict behaviors."
"The performance is good and it is faster than IBM QRadar."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The best thing about Snare is its format and consistency."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The on-prem log sources still require a lot of development."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Technical support could respond faster."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"Upgrades are currently released as stacks when they should be a plugin or an extension to save removal and reinstallation."
"Sometimes, the solution isn't the easiest to use."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"We'd like better premium support."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."
Elastic Security is ranked 5th in Log Management with 59 reviews while Snare is ranked 41st in Log Management with 3 reviews. Elastic Security is rated 7.6, while Snare is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Snare is most compared with Splunk Enterprise Security, syslog-ng, SolarWinds Kiwi Syslog Server and LogRhythm SIEM. See our Elastic Security vs. Snare report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.