
Elastic Agent

Elastic

Reviews from AWS customers

0 AWS reviews (5 star: 0, 4 star: 0, 3 star: 0, 2 star: 0, 1 star: 0)

External reviews

23 reviews from G2

External reviews are not included in the AWS star rating for the product.


    Information Technology and Services

Blazing-Fast KQL/ES|QL and Unified Telemetry with Elastic Defend

  • February 11, 2026
  • Review provided by G2

What do you like best about the product?
The standout feature of Elastic Security is the speed and flexibility of KQL and ES|QL. In high-stakes threat hunts, being able to pivot through massive datasets with near-instant results is critical. The native integration of Elastic Defend is a close second; having endpoint telemetry and SIEM logs in a single schema (ECS) eliminates the "translation tax" usually required when mapping disparate data sources. While the AI Assistant is a great efficiency booster for generating complex queries, the true value lies in the platform’s customizability.
What do you dislike about the product?
One of the primary challenges with Elastic Security is the heavy administrative overhead required to maintain a healthy environment. Unlike "set-and-forget" SaaS solutions, Elastic requires constant "care and feeding" of ingest pipelines, index lifecycle management (ILM), and shard mapping. If the mapping isn't perfect, you run into mapping explosions or unparsed fields that can render critical logs invisible during a hunt. This complexity often turns a Threat Analyst into a part-time Data Engineer just to ensure the data is searchable.

Another significant pain point is the steep learning curve of the newer query languages. While ES|QL is powerful, the transition from KQL or Lucene creates a temporary efficiency gap for the team. Additionally, the licensing and resource consumption can be unpredictable; since pricing is based on compute and storage (RAM/CPU) rather than just data volume or seats, a poorly written query by a junior analyst or a sudden spike in log volume can lead to performance degradation or unexpected scaling costs that are difficult to budget for in a large-scale SOC.

Finally, the native SOAR capabilities still feel somewhat immature compared to dedicated platforms. While basic automated actions exist, building complex, multi-step response playbooks—especially those involving third-party integrations outside the Elastic ecosystem—can be clunky and often requires external tools to achieve true automation. For a high-tier DFIR workflow, the built-in case management also lacks some of the deeper forensic documentation features needed for evidence chain-of-custody, forcing us to rely on external platforms for formal reporting.
What problems is the product solving and how is that benefiting you?
Elastic Security effectively solves the problem of data siloization and "the translation tax." In traditional environments, analysts often have to jump between EDR consoles for endpoint artifacts and a separate SIEM for network logs, manually correlating timestamps and hostnames. Elastic consolidates this via the Elastic Common Schema (ECS), providing a unified view of the entire attack surface. For me, this has been a game-changer during complex investigations—such as the recent UNC3886 threat hunt—because it allows me to pivot from a suspicious process tree directly to related network connections or cloud audit logs without losing context or wasting time normalizing data manually.

The platform also addresses the issue of investigative latency through its high-performance search capabilities and the introduction of ES|QL. By solving the bottleneck of slow query returns on massive historical datasets, Elastic allows me to perform iterative "what-if" hunting at scale. This benefits me by significantly reducing our Mean Time to Detect (MTTD); I can test a hypothesis against months of telemetry in seconds rather than hours. This speed, combined with Automated Response Actions like host isolation, empowers me to transition instantly from discovery to containment, which is critical when dealing with advanced persistent threats that move laterally with high velocity.

Finally, Elastic helps bridge the analytical resource gap with its AI-driven assistants and pre-built detection rules mapped to the MITRE ATT&CK framework. By automating the "low-level" detection of known TTPs, the platform solves the problem of alert fatigue, freeing up my time to focus on high-tier DFIR work and strategic threat modeling. This benefits my career and the organization by shifting our posture from basic log monitoring to a sophisticated, hunt-centric operation where we are looking for the "unknown unknowns" rather than just triaging endless commodity malware alerts.


    Abhishek g.

Great Authentication Flexibility, but Anonymous Login Needs Manual Disabling

  • February 10, 2026
  • Review provided by G2

What do you like best about the product?
Elastic X-Pack security is great for connecting with multiple domain controllers or various authentication methods.
What do you dislike about the product?
It still has some drawbacks, like anonymous login, which needs to be disabled separately; otherwise it will be vulnerable.
What problems is the product solving and how is that benefiting you?
Access control: you can have role-based access, and you can even control field-level access using the Kibana role manager.


    Pascal F.

Essential for Our Linux Security

  • February 10, 2026
  • Review provided by G2

What do you like best about the product?
I really appreciate that Elastic Security provides great insight into our system. We can perform good analyses because we run a SOC without direct access to the machines, and for that, the defend function is very useful. Also, the initial installation of Elastic Security was very simple and straightforward. All in all, I am very satisfied and would definitely give Elastic Security a score of 10 as a recommendation to a friend or colleague.
What do you dislike about the product?
Inventory of which patches are installed on the machine.
What problems is the product solving and how is that benefiting you?
I use Elastic Security to monitor our Linux environment, which provides EDR and log analysis of network and processes. It offers insight into the system, allowing us to perform a good analysis even without direct access to machines.


    Saravanan K.

I would highly recommend it

  • November 13, 2022
  • Review provided by G2

What do you like best about the product?
New features and updates. Security in Cloud sharing
What do you dislike about the product?
No major cons to report at this moment.
What problems is the product solving and how is that benefiting you?
Improve cloud security posture


    Telecommunications

Elastic security review

  • October 27, 2022
  • Review provided by G2

What do you like best about the product?
Elastic security provides key analytics of various hosts in a distributed architecture. It helps diagnose any anomalies or threats, allowing you to act fast and minimize potential loss.
What do you dislike about the product?
It could be pricier, so you might want to choose the appropriate hosts where the threat is more such as those in the edge layer of your network.
What problems is the product solving and how is that benefiting you?
Elastic security provides quick insights and analytics on the hosts in your network and alerts you in case any action is required to keep your hosts secure.


    Eduardo N.

Very Reliable. Easy set up. Good Security

  • September 29, 2022
  • Review provided by G2

What do you like best about the product?
Very reliable software to protect sensitive data. Easy to set up as well!
What do you dislike about the product?
Nothing really. Occasional loop depending on the network. Sometimes requires clearing the cache and cookies to work around the loop.
What problems is the product solving and how is that benefiting you?
Protecting sensitive emails regarding software builds, and internal conversations.


    Sidhartha P.

Fast and easiest SIEM solution for small companies and startups

  • July 27, 2020
  • Review provided by G2

What do you like best about the product?
ELK is the best solution if you are a startup or a small company. It's blazingly fast and cost-effective.
What do you dislike about the product?
Creating notifications out of the box can be a challenge to begin with; the watchers could be simplified.
What problems is the product solving and how is that benefiting you?
Threat hunting, SIEM solution for SOC team


    Outsourcing/Offshoring

Fully functional Logs Suite

  • June 09, 2020
  • Review provided by G2

What do you like best about the product?
Logstash provides full log collection; the best configuration is to use it with Kibana and Elasticsearch as an ELK suite.
What do you dislike about the product?
Not so easy to set up; a specialized partner is necessary.
What problems is the product solving and how is that benefiting you?
Log compliance and monitoring
Recommendations to others considering the product:
Consider getting help from an expert partner.


    Information Technology and Services

I used Logstash as a Filter to aggregate the data coming from Beats,

  • December 29, 2019
  • Review provided by G2

What do you like best about the product?
Logstash provides so many plugins and also works as a filter, which is used to collect the data and then filter it the way we want. Also, Logstash is an open-source tool, so it also solves the cost problem.
What do you dislike about the product?
Till now everything is good; I like it very much.
What problems is the product solving and how is that benefiting you?
I used Logstash to create pipelines which gave me filtered data coming from Beats. It also provides an output section where I can specify where my output is to be transferred, for example Elasticsearch.
The performance of Logstash is very good, and as it is an open-source tool it is cost-effective for me.


    Internet

Simple to configure. Works reliably. Simplest tool in ETL

  • January 26, 2018
  • Review provided by G2

What do you like best about the product?
The simplicity of defining the configuration for an ETL job and numerous plugins available.
What do you dislike about the product?
Not a very friendly way to scale the tool for huge amounts of input.
What problems is the product solving and how is that benefiting you?
Extract-Transform-Load workloads, especially for access logs.
Recommendations to others considering the product:
Definitely, try it out. It's the best tool for small to medium workloads.
Default grok patterns can be quite tricky. Suggestion: use CSV filter if feasible.