Likelihood to Recommend Elasticsearch is a really scalable solution that can fit a lot of needs, but the bigger and/or those needs become, the more understanding & infrastructure you will need for your instance to be running correctly. Elasticsearch is not problem-free - you can get yourself in a lot of trouble if you are not following good practices and/or if are not managing the cluster correctly. Licensing is a big decision point here as Elasticsearch is a middleware component - be sure to read the licensing agreement of the version you want to try before you commit to it. Same goes for long-term support - be sure to keep yourself in the know for this aspect you may end up stuck with an unpatched version for years.
Read full review XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a problem today as they were decades ago. This is because: ●Attackers Can leverage automation to launch high-quantity phishing attacks with the click of a button. ●Spear Phishing attacks are sophisticated and sometimes indistinguishable from real emails, resulting in compromise through human error. ●Security Teams aren’t able to follow set processes while responding to phishing alerts. They must coordinate across email inboxes, threat intel, NGFW, ticketing, and other tools. Each tool has different consoles, data conventions, and contexts, making it difficult for security teams to fill in the gaps while minimizing errors. XSOAR is less suited for analyzing traffic.
Read full review Pros As I mentioned before, Elasticsearch's flexible data model is unparalleled. You can nest fields as deeply as you want, have as many fields as you want, but whatever you want in those fields (as long as it stays the same type), and all of it will be searchable and you don't need to even declare a schema beforehand! Elastic, the company behind Elasticsearch, is super strong financially and they have a great team of devs and product managers working on Elasticsearch. When I first started using ES 3 years ago, I was 90% impressed and knew it would be a good fit. 3 years later, I am 200% impressed and blown away by how far it has come and gotten even better. If there are features that are missing or you don't think it's fast enough right now, I bet it'll be suitable next year because the team behind it is so dang fast! Elasticsearch is really, really stable. It takes a lot to bring down a cluster. It's self-balancing algorithms, leader-election system, self-healing properties are state of the art. We've never seen network failures or hard-drive corruption or CPU bugs bring down an ES cluster. Read full review Automation with immediate security responses. Comprehensive phishing protection and increased email protection. Analysis and reporting feature. Intuitive and easy-to-view panels. Alerts by email and sms of incidents for the administration. Centralized monitoring. Read full review Cons Joining data requires duplicate de-normalized documents that make parent child relationships. It is hard and requires a lot of synchronizations Tracking errors in the data in the logs can be hard, and sometimes recurring errors blow up the error logs Schema changes require complete reindexing of an index Read full review The XSOAR bot creates a lot of noise on the summary page of any XSOAR incident. Although the filter is available to reduce the view, by default this should not be visible cluttering the whole scenario. The interface has too much data on a single pane. I would love to have many buttons to just click and do stuff. Also, I would love to have search areas more interactive and easier to navigate. Read full review Likelihood to Renew We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.
Read full review It has proven to be far to valuable and effective to consider getting rid of it. Until something better comes along, this is staying in our product stack.
Read full review Usability To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching. If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.
Read full review Support Rating We've only used it as an opensource tooling. We did not purchase any additional support to roll out the elasticsearch software. When rolling out the application on our platform we've used the documentation which was available online. During our test phases we did not experience any bugs or issues so we did not rely on support at all.
Read full review Implementation Rating Do not mix data and master roles. Dedicate at least 3 nodes just for Master
Read full review It was much easier than we all anticipated.
Read full review Alternatives Considered As far as we are concerned, Elasticsearch is the gold standard and we have barely evaluated any alternatives. You could consider it an alternative to a relational or NoSQL database, so in cases where those suffice, you don't need Elasticsearch. But if you want powerful text-based search capabilities across large data sets, Elasticsearch is the way to go.
Read full review The quantity of integrations with security solutions is highest in Palo Alto Solution. The capacity to identify anomalous events is much better in Palo Alto Networks Cortex XSOAR. The flexibility of increased storage area is better as well. The dashboard is very intuitive about showing the most important incidents and how to resolve them.
Read full review Return on Investment We have had great luck with implementing Elasticsearch for our search and analytics use cases. While the operational burden is not minimal, operating a cluster of servers, using a custom query language, writing Elasticsearch-specific bulk insert code, the performance and the relative operational ease of Elasticsearch are unparalleled. We've easily saved hundreds of thousands of dollars implementing Elasticsearch vs. RDBMS vs. other no-SQL solutions for our specific set of problems. Read full review Demisto has Eased malware analysis and threat hunting With Demisto, it is simple to create playbooks and scripts This is helped automate policy configurations on our PA firewalls through Panorama Read full review ScreenShots