I am familiar with Falcon LogScale from CrowdStrike because I have heard about it, and we also have a special department with colleagues whose expertise is CrowdStrike and the products.

I cannot answer whether Falcon LogScale is a reasonable price as I do not know.

I would have to check with the projects to determine the typical use cases of Falcon LogScale.

My job is to bring the specialists and the customer together regarding Falcon LogScale, and most of the time, I am not involved in those meetings. However, I know that my colleagues always involve CrowdStrike in these projects, so we do not do it alone. We do it together with the vendor.

My customers also use the search and visualization features of Falcon LogScale. I am an account manager, so I have an overall view of my customers, but I do not know every product and every project in detail because it is impossible.

I do not know if I use Falcon LogScale's query language and dashboards personally, but my customers use it. However, I do not know what exactly they are using.

Regarding security, I work with many different vendors, and my customers are mostly banks and insurances.

That is a difficult question regarding Falcon LogScale. That is really a question for the professionals, and I am not a professional, so I do not know.

I have been working with Falcon LogScale for about five years.

I have only heard the best about CrowdStrike's support. My customer never complains, so I am happy if the customer does not complain.

I am using vendor assistance during implementation.

The implementation path is always very long. My customers are all very regulated, and in Germany, we have very strict regulations. That is always an obstacle because there is so much paperwork that needs to be filled out. The path from discussing security to implementing something is always a very long process.

I am referring to the documentation part, and with DORA, the Digital Operational Resilience Act, customers have many questions regarding vendors. They ask if it is an American company, if it is a European company, and where their data is located. It is always a very long process.

I work as a security consultant for customers. I am currently working on multiple solutions including Trend Micro, CrowdStrike, and Microsoft. I have over 14 years of overall experience, but I would reduce around four years from that period since I was working in a BPO. After those four years, I have been working with a different company as a consultant, so I would say I have 10 plus years of experience in this field.

From Falcon LogScale, NG SIM is very useful. Apart from that, exposure management is very useful. I have been working a lot with identity protection, which is also very useful. SQL is also very efficient and fast as a query language. The dashboard is customizable, which is a very good feature they have provided, and we have a single portal that gives all the features together.

I have not worked on that particular part, but regarding improvement, KQL seems to be quite complicated and we have to brush up on that if we want to become an expert on it. KQL is a bit challenging for us. When we talk about Microsoft, KQL is simpler when compared to SQL. However, SQL is faster and quite efficient, but the language is a bit tough, maybe because it is new. I have just been working with it for the past two years. If I have more exposure in the coming years, it will become an easier option for me.

KQL should be simplified, which would be a better thing. The documentation should not only be private but should be made public. Though we are partners and have access to those documents, sometimes I conduct testing on my own and have to log into a partner account or customer account to access those documents. That has to be improved. SQL has to be improved as well. When it comes to the overall Falcon LogScale console, it could be easier if it were made more attractive. For example, if something is shown on the dashboard with simplified icons and text, it would be a great option if there were some colors or larger icons. One drawback I have seen with Falcon LogScale is that there is something that cannot be customized. There is an account detection that seems to be a systematic account, and if we want to change it from a systematic account to a user account when it is detecting a system account, that seems to be a problem for us.

I have been using this solution for two years.

Falcon LogScale gives a clear view of what exactly has happened from the beginning. When we compare those with different log sources, we conclude that we know exactly what has to be done and what has happened. That is a bright option that Falcon LogScale has granted us.

The plus point with Falcon LogScale is that we do not have to decide what exactly we need since all has been decided and defined in Falcon LogScale. It picks up everything and all the aggregates from different sources. If there is a critical incident with an associated IP, associated user, endpoints, or whatever factor it is supposed to associate, it associates it by default and makes our life easier, making the SOC life easier.

We have an email system and a support link in Falcon LogScale console itself. This is the same as it goes with other solutions like Microsoft, Trend Micro, and Splunk. It is easier and the same for all the services. I have raised multiple queries, and we have been using Falcon Complete and Falcon Admin as well. In both cases, I have not seen any delay or any issues when it comes to supporting us. Recently I came across a particular log source that was not getting ingested using the event hub for Microsoft. We had three to four calls, and finally we got it sorted. We have been getting updates on a regular basis. There was no such day that we have not seen an update. We got into two or three sessions and we were able to fix it. I would rate customer service as 8.5 out of 10.

The initial setup is quite good. I have compared multiple solutions like Microsoft and Trend Micro. Falcon LogScale seems to be a better option with better visibility when it comes to the dashboard and the kill chain process, including the attack surface. I would not say it is quite easier, but we have complete documentation available. If we follow that documentation quite carefully, it is very straightforward. They have clearly explained how to proceed and deploy it, so I would not say it is easier, but it is very well-defined.

Pricing is good because we have everything. When we talk about the logs that we are ingesting in Falcon LogScale, it is ingesting only the logs that are required, not the unnecessary logs. The index feature is inbuilt, the parser is inbuilt, and everything is inbuilt. I believe when it comes to log ingestion, it is comparatively low compared to any other services like Microsoft, Trend Micro, or Splunk.

As far as I know, I have been working only with Falcon LogScale and I have not had the opportunity to explore some other log scales. But currently, in the market and in the business, Falcon LogScale seems to be a better option than any other workspace or any other log source for log management.

When it comes to Falcon LogScale, it is better compared to Microsoft. When we talk about scaling it from one to ten, I would give it somewhere around nine, especially in terms of retention. It is completely aligned with compliance and audit, so I do not see any trouble there. I would note that not only Falcon LogScale but also Microsoft and Trend Micro are okay with compliance and audit. I would rate everyone on the same scale for compliance. Overall, I would rate this solution an 8 out of 10.

Initially, the log was for log management. We store our logs for achieving compliance and log retention for longer periods. This function, LogScale, is now a platform where we can do correlation as well. It has become a next-generation SIM.

The solution definitely saves us time because it has a Google-like search. We can pull out log information in seconds, whereas traditional solutions would take hours or days. Additionally, the compression ratio is very high, which means our storage costs are minimal.

The fast search and index-free data retention are very valuable. The platform now works on an AI and ML-based engine, and we can analyze anything that is stored.

The integration could improve. Easy parser writing should be an option to ingest log in a human-readable format for unsupported devices. For visibility perspective, the dashboard should be more user-friendly. It should visualize what is happening in the complete ingestion, showing how many log sources there are, data volumes, and use cases or correlation rules triggered based on AI and ML analytics.

We have used LogScale for approximately one and a half years.

Stability is good. I would rate it nine out of ten.

Currently, scalability needs improvement in the visualization and representation of LogScale. The integration needs to be dimensioned.

CrowdStrike support is good, but in some cases, it takes time to resolve on-premises solutions. I would rate the support seven out of ten.

There are no previous solutions mentioned.

If the user wants to install it in their infrastructure on-premises, it's complex. If they are using a cloud as a SaaS service, it is easy.

The pricing is average. I would rate it six or seven out of ten.

In the India market, OpenText is the direct competitor for log management and SIM products. IBM's QRadar is also mentioned.

LogScale can be used across all company segments.

I'd rate the solution eight out of ten.

This is a next-generation SIEM solution. It's used for fast search results compared to traditional SIEM solutions that take much longer due to the huge volume of data.

The traditional SIEM could not cope with the indexing algorithm, but with Falcon LogScale, we can get the result within a few seconds when we search for a keyword.

One of the key features is the fast search functionality, enabling us to get results within a few seconds.

So far, there are no features in need of improvement. The price could be lower.

I've been working with LogScale for about half a year.

There don't appear to be any complexities with stability. The rating for stability is nine out of ten.

I rated scalability as eight. It has the ability to scale well.

Customer service is rated nine out of ten. So far, so good.

The setup process was simple. We managed to get it done within a day.

The pricing could be lower.

The main competitor on the market is Splunk.

I'd rate the solution eight out of ten.

As an MSSP company, we work with various products and tools, including Falcon EDR and Falcon LogScale by CrowdStrike. We handle the configurations, integrations, and other tasks related to these tools on our tenant. We also create dashboards, perform quarantines, and use it for log management and fast data access.

It allows us to efficiently manage and store our data. Its compression and archiving features not only reduce storage costs but also minimize the infrastructure resources needed for data backup. Since we have multiple security solutions in place, it allows us to streamline data handling. We can selectively send security-related events to the SIEM while directing other non-security events from various tools to Falcon LogScale. This flexibility ensures that we have access to all the data we need when required, and we can easily export this data from it as necessary, optimizing our data management and making it readily available for analysis or other purposes.

It has an impressive data retention capability, allowing you to collect and store data for up to a year. Also, its data retrieval speed is remarkable, taking just a fraction of a second to access the information you need. This combination of extensive data retention and quick data retrieval sets it apart from other log management tools I've worked with in the past. It offers the capability to view live log ingestion directly from the console which means you can seamlessly manage live log data ingestion alongside accessing and analyzing older data from the past.

There are some overlapping features found in multiple tools.

We have been using it for a year now.

The solution remains stable without any notable issues. It performs exceptionally well when dealing with substantial data ingestion. Retrieving data from one or two months ago is virtually instantaneous.

As a relatively small organization, we haven't had the chance to deploy and scale it yet. Our daily data ingestion is relatively modest, typically around fifteen to twenty GB and we don't have subsidiary branches where we can replicate the same LogScale environment for further scaling. However, we are open to exploring potential opportunities for expansion in the future.

Around six months ago, we engaged in a workshop with one of CrowdStrike's Subject Matter Experts. During this session, they provided us with an overview of their products, explaining how they function, their capabilities, and the new features that had been added.

I've had experience working with Global Chronicle, Sumo Logic, and Splunk, including an Indian tool. In comparison to these solutions, Falcon LogScale appears to be a well-rounded and efficient solution. It excels in certain areas where others fall short, making it a strong choice for log management in my experience.

The initial set up is straightforward, and its operation is easily comprehensible. You can swiftly deploy it on your own without much complexity.

For on-premises deployment, you'll require a dedicated server with specific backend requirements and you'll need to obtain the OVFA from CrowdStrike LogScale. While we haven't had the chance to perform an on-premises deployment, based on my knowledge and the available documentation, the process is estimated to take around thirty to forty-five minutes to complete.

I would suggest that, based on your organization's log management needs, if you're already using an SIEM solution, you can complement it with Falcon LogScale for extended data ingestion and storage. It provides flexibility, allowing you to customize data retention based on your specific requirements and organizational compliance standards. You can tailor data ingestion to send security-related alerts to the SIEM while storing other logs for future use. Its capacity to handle vast amounts of data ingestion and provide lightning-fast query capabilities is a significant advantage. I would rate it nine out of ten.