We performed a comparison between Graylog Security and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."We use the solution to collect logs."
"The tool aggregates logs. We can see the logs in one place."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The integration with other Microsoft solutions is the most valuable feature."
"The summarization of emails is a valuable feature."
"Graylog Security needs to incorporate security scorecards."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"The licensing is a nightmare and has room for improvement."
"The support team is not competent or responsive."
Graylog Security is ranked 34th in Security Information and Event Management (SIEM) with 2 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 80 reviews. Graylog Security is rated 8.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Graylog Security writes "Helps to collect logs and pricing is cheap ". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Graylog Security is most compared with Wazuh, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
