TrustRadius

Graylog vs. NetWitness Cloud SIEM

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Graylog
Score 8.7 out of 10
N/A
Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.N/A
NetWitness Cloud SIEM
Score 6.1 out of 10
N/A
NetWitness Cloud SIEM delivers log management, retention, and analytics services in a simplified cloud form. It aims t o eliminate traditional deployment and administration requirements with a simple throughput-based licensing model, to make high-quality SIEM quick and easy to acquire without sacrificing capability or power.N/A
Pricing
GraylogNetWitness Cloud SIEM
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
GraylogNetWitness Cloud SIEM
Free Trial
NoNo
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
GraylogNetWitness Cloud SIEM
Top Pros
Top Cons
Features
GraylogNetWitness Cloud SIEM
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Graylog
-
Ratings
NetWitness Cloud SIEM
7.6
1 Ratings
3% below category average
Centralized event and log data collection00 Ratings8.01 Ratings
Correlation00 Ratings10.01 Ratings
Event and log normalization/management00 Ratings8.01 Ratings
Deployment flexibility00 Ratings10.01 Ratings
Integration with Identity and Access Management Tools00 Ratings7.01 Ratings
Custom dashboards and workspaces00 Ratings6.01 Ratings
Host and network-based intrusion detection00 Ratings4.01 Ratings
Best Alternatives
GraylogNetWitness Cloud SIEM
Small Businesses
SolarWinds Papertrail
SolarWinds Papertrail
Score 8.8 out of 10
AlienVault USM
AlienVault USM
Score 8.0 out of 10
Medium-sized Companies
SolarWinds Papertrail
SolarWinds Papertrail
Score 8.8 out of 10
Splunk Enterprise
Splunk Enterprise
Score 8.4 out of 10
Enterprises
Splunk Log Observer
Splunk Log Observer
Score 8.6 out of 10
Splunk Enterprise
Splunk Enterprise
Score 8.4 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
GraylogNetWitness Cloud SIEM
Likelihood to Recommend
7.8
(7 ratings)
7.0
(1 ratings)
Support Rating
3.6
(3 ratings)
-
(0 ratings)
User Testimonials
GraylogNetWitness Cloud SIEM
Likelihood to Recommend
Graylog
For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.
Verified User
Anonymous
Read full review
RSA Security
It is really a robust platform that can be heavily customized to suit requirements. Good for advanced hunting and forensics. Robust automation features.
Verified User
Anonymous
Read full review
Pros
Graylog
  • Graylog does a great job of its core function: log aggregation, retention, and searching.
  • Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
  • Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
Verified User
Anonymous
Read full review
RSA Security
  • Log collection and parsing.
  • Packet collection and parsing.
  • Enhanched analytics and alerting.
  • Robust integration.
Verified User
Anonymous
Read full review
Cons
Graylog
  • Support for more log sources
  • Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
  • API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit
Verified User
Anonymous
Read full review
RSA Security
  • Lacking out of the box best practice templates etc. It relies heavily on customization.
  • Lack of up to date threat feeds.
  • Difficult to learn and use initially.
Verified User
Anonymous
Read full review
Support Rating
Graylog
Community support does not give simple straightforward answers; simply search up Graylog Issues and look at some of the responses on the forums. The documentation is your only hope if you are on the free version, as you can NOT purchase only support. The few times I have worked with Graylog Enterprise support they were great though.
Verified User
Anonymous
Read full review
RSA Security
No answers on this topic
Alternatives Considered
Graylog
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used the threat exchange stuff or correlation. But with regex searches, we have created function dashboards that show threat theater pictures of our network based on logs from our firewall.
JC
Jeremy Cejka
Principal Systems Engineer
Read full review
RSA Security
Best in Class for us, and was a good choice since we already are using a lot of other RSA products(DLP, Archer etc.)
Verified User
Anonymous
Read full review
Return on Investment
Graylog
  • Graylog is just less expensive than some other options which meant it fit into our budget otherwise we might not be able to justify a higher cost.
  • Being able to track issues that we normally couldn't track using other tools is a bonus to help us know of any issues we have and can fix before an outage or failure that could potentially cost money.
  • We have had to spend more time than I would like to understand and customize Graylog which has taken time away from other tasks and projects.
Verified User
Anonymous
Read full review
RSA Security
  • Hard to calculate ROI since it is not revenue based.
  • It is a expensive solution, bit very capable.
Verified User
Anonymous
Read full review
ScreenShots