No more typing reviews! Try our Samantha, our new voice AI agent.

Devo vs Rapid7 InsightIDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Devo
Ranking in Security Information and Event Management (SIEM)
27th
Average Rating
8.4
Reviews Sentiment
6.6
Number of Reviews
25
Ranking in other categories
Log Management (27th), IT Operations Analytics (7th), AIOps (19th)
Rapid7 InsightIDR
Ranking in Security Information and Event Management (SIEM)
25th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
User Entity Behavior Analytics (UEBA) (11th), Endpoint Detection and Response (EDR) (47th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (28th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Devo is 1.2%, up from 1.1% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.2%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightIDR2.2%
Devo1.2%
Other96.6%
Security Information and Event Management (SIEM)
 

Featured Reviews

FR
Strategic Account Executive at a computer software company with 51-200 employees
Has improved investigative workflows with interactive dashboards and simplified data correlation
The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo. Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability. The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.
SohailHyder - PeerSpot reviewer
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"Devo has a really good website for creating custom configurations."
"Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"More than anything, we have seen ROI in the amount of time saved during investigations."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"Rapid7 InsightIDR is budget-friendly and has a good market position because not everybody can afford to go for LogRhythm or Splunk or QRadar."
"InsightIDR helps us investigate an environment to discover information about incidents."
"The solution provides satisfying native integration features"
"I definitely recommend Rapid7 InsightIDR."
"The solution is easy to use, and the interface is intuitive."
"The solution is very intuitive, it's easy to set up, is absolutely stable, and has a lot of integration with other security products."
"The most valuable features have to do with ease-of-use, as it is easy to check the events, investigate suspicious activities, and do forensic analysis, and the web interface is great — very useful and user-friendly."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
 

Cons

"They can improve their AI capabilities"
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"The cost is a little higher compared to other tools such as DataDog or Elasticsearch, so they could work on reducing costs."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"Technical support could be better."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"The ability to tune the collector for custom logs would greatly help."
"I'd like to see a mobile application included and some feature related to the generality of segregation for internal users that access the application."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​"
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
 

Pricing and Cost Advice

"It's very competitive. That was also a primary draw for us. Some of the licensing models with solutions like Splunk and Sentinel were attractive upfront, but there were so many micro-charges and services we would've had to add on to make them what we wanted. We had to include things like SOAR and extended capabilities, whereas all those capabilities are completely included with the Devo platform. I haven't seen any additional fee."
"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."
"The way Devo prices things is based on the amount of data, and I wish the tiers had more granularity. Maybe at this point they do, but when we first negotiated with them, there were only three or four tiers."
"[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
"We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."
"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
"I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"It is a reasonably priced solution."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
"Rapid7 InsightIDR is priced very well and is cost-effective."
"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."
"The solution has a mid-range price point in the market"
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Construction Company
10%
Manufacturing Company
8%
Computer Software Company
7%
Manufacturing Company
9%
Financial Services Firm
9%
Computer Software Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise5
Large Enterprise6
 

Questions from the Community

What is your experience regarding pricing and costs for Devo?
Pricing generally depends on the scale, data ingestion requirements, and integrations for what the enterprise monitoring needs. I have not been part of the procurement process, so I am not aware of...
What needs improvement with Devo?
One improvement area for Devo could be simplifying some configuration and improving the onboarding for new analysts because it is quite complex for fresher or new analysts who are handling Devo.UI ...
What is your primary use case for Devo?
Devo serves as our centralized log monitoring, threat investigation, alert monitoring, and security analytics platform. We use it to collect logs from multiple systems so we can correlate the event...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature...
What is your primary use case for Rapid7 InsightIDR?
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, particularly the banks. Whatever the requirement is, these are the products that...
 

Also Known As

No data available
InsightIDR
 

Overview

 

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Liberty Wines, Pioneer Telephone, Visier
Find out what your peers are saying about Devo vs. Rapid7 InsightIDR and other solutions. Updated: June 2026.
903,118 professionals have used our research since 2012.