Security Engineer at a manufacturing company with 11-50 employees
Real User
Top 20
2024-11-08T09:34:55Z
Nov 8, 2024
Elastic Stack needs more features similar to other SIEM tools such as Sentinel or the ability to create automations. Additionally, it should facilitate easier manual integration.
Senior Consultant at HGS - Hinduja Global Solutions
Real User
Top 5
2024-08-09T12:26:00Z
Aug 9, 2024
There could be better documentation. They should improve it to capture more data because we have to migrate to another vendor called Wazuh, which provides a full-fledged capability compared to Elastic.
Engineering at a security firm with 10,001+ employees
Real User
Top 20
2024-05-28T15:23:00Z
May 28, 2024
Improving integration capabilities, especially with authentication systems, firewalls, and security controls, is a crucial area for improvement in Elastic Stack. Additionally, enhancing functionality to handle large YARA queries more efficiently would be beneficial, as many EDR solutions can run such queries faster than Elastic Stack's current limitations.
Improvements are needed in the solution in areas like SOAR and TIP, where there are certain shortcomings. When it comes to Elastic Stack, it doesn't matter if the product is mature or professional, like the other vendors in the market who offer TIP tools. Elastic Stack needs to have some features similar to the other tools that offer SOAR and TIP functionalities. From an improvement perspective, Elastic Stack's support team should have more people with expertise, and the response time should be minimized. There are no SOC analysts available at Elastic Stack's support team's end to resolve big or major issues. Small issues in the product can be resolved quickly by going to the availability of an online community from Elastic Stack's end, which is friendly and useful. The product lacks automation capabilities, making it an area where improvements are required. The product should also be able to integrate with multiple tools that offer TIP functionalities.
The main issue related to Elastic Stack is in the area of its licensing. The licenses of the product have changed, and the community-driven open-source fork of Elasticsearch has created a lot of issues in terms of compatibility between the products, which is not nice. The aforementioned areas are to be considered for improvement in the product.
From what I have heard about the solution from other sources, I know that there were some issues with pushing data from other sources to Elastic Stack, making it the solution's only shortcoming that needs improvement. When people try to move the data from another source to Elastic Stack for visualization, they face challenges when connecting to Elastic Stack from such different sources. The aforementioned details can be considered for improvement in the solution.
The implementation of dashboards in the solution needs to be made easier. Last year, I implemented dashboards with the help of Docker's compose file, and I had some issues with the ports and configuration since it was kind of complex to implement with Docker. The product's dashboard and maintenance are two areas that need improvement.
Elastic Stack is a comprehensive tool for log management, observability, indexing, and security, widely adopted for managing logs, alert creation, SIEM, SOC, and threat analysis. It integrates with CrowdStrike and Endpoint Security, enhancing search capabilities and Application Performance Monitoring. Elastic Stack offers powerful solutions for logging, data storage, and visualization with Kibana. It allows MSSPs to efficiently manage security and assists companies with data analysis. It's...
The tool's pricing can be improved.
It lacks a clear NDR (Network Detection and Response) feature. If Elastic could enhance this aspect, it would significantly boost its capabilities.
Elastic Stack should work on their dashboards and integration process.