No more typing reviews! Try our Samantha, our new voice AI agent.

Elastic Security vs Microsoft Purview Audit comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
11th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
66
Ranking in other categories
Security Information and Event Management (SIEM) (7th), Endpoint Detection and Response (EDR) (15th), Security Orchestration Automation and Response (SOAR) (10th), Extended Detection and Response (XDR) (12th)
Microsoft Purview Audit
Ranking in Log Management
35th
Average Rating
8.2
Reviews Sentiment
5.1
Number of Reviews
4
Ranking in other categories
Microsoft Security Suite (31st)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of Elastic Security is 3.4%, up from 3.0% compared to the previous year. The mindshare of Microsoft Purview Audit is 1.1%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Elastic Security3.4%
Microsoft Purview Audit1.1%
Other95.5%
Log Management
 

Featured Reviews

Laurentiu Popescu - PeerSpot reviewer
Chief Product Officer at ClusterPower
Has improved threat detection with deep log analysis and streamlined investigation workflows
The most useful features I find in Elastic Security are the forensic ones that allow us to carry deeper analysis into the logs for in-depth investigations, and the dashboards, with the reporting dashboard being quite user-friendly. Elastic Security is quite good at identifying threats, as it is part of the deep investigation tool that I mentioned before. Unless we need to look further into a certain log, we can carry out a deeper analysis and forensics on those particular logs. I can assess the impact of Elastic Security's real-time data analysis on our threat response efficiency as working pretty good. We are looking for real-time analysis because we have a continuous inflow of logs from different sources: from our cloud, from Active Directory, from our network. So it works pretty well.
OK
Cloud Solution Engineer at a computer software company with 51-200 employees
Integrated auditing has strengthened data retention and improved incident investigations
I have seen areas for improvement, specifically in Microsoft Purview Audit or in general about Microsoft. I have had a situation with documentation. I had a customer who wanted to create alerts and they had Microsoft 365 Business Premium. In the documentation, it was noted that this license is enough for creating alerts. When we tried to make them, we noticed they cannot do it with Microsoft 365 E3 because the customer had limited features to manage alerts. The customer had to buy E3. We created Microsoft support requests, and they confirmed that the documentation displayed not the real situation and they have been going to update documentation. The same situation occurred now with implementing Microsoft Purview Audit in the last autumn. eDiscovery was combined with search and content search, and the documentation was not clear at the beginning. It was a little difficult to describe to customers that now it is a part of eDiscovery. Content search is a very simple functionality, while eDiscovery is a little difficult. I am not entirely sure why Microsoft is going in the way of combining these services because they are the same. However, for a customer who has never seen these services, it is difficult to understand quickly. The same situation occurs with litigation holds and some other holds. For any mail, I am trying to keep data. For example, emails are held for a year or two years, ten years, it does not matter. It is difficult to understand where to find this data and where these emails are being held. I need to use eDiscovery to find out all deleted data that was kept somewhere in some hidden folders of the mailbox. Regular customers and regular administrators know that on-premises Exchange, for example, allows them to find the data in some repository and review the list of kept data. However, with this hold, we do not have any functionality to review the list of kept data. It is difficult to understand for customers how to work with this. I had a case where I spent three or four hours working deeply with a customer to explain how to work with eDiscovery, why Content Search is not there when it was before, what is an eDiscovery case, and why we are talking about all of this just to review a list of kept emails. This is difficult.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The intelligence of the system has been very impressive; it's pretty accurate and gives you good details to create an intelligence report and present that to your C-level management."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"The most valuable feature is the speed, as it responds in a very short time."
"It's simple and easy to use."
"I think that it's a good solution for a SIEM."
"This is definitely a product that I recommend using."
"We're easily saving at least one hour per day using this solution."
"The overall user experience with Microsoft Purview Audit is of higher quality than when it was branded as Compliance Center, and Microsoft consistently updates and evolves functionalities and the overall experience."
"The platform has significantly enhanced our operational insight into the overall Microsoft 365 environment."
"The main Microsoft feature is that it offers common integration of services, of data, of identity, meaning user accounts, user access, and privileged access."
 

Cons

"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"Installation is a little bit overwhelming, so improvements on the installation site could make it easier."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"I think maybe on the last exercise part, I think the index rotation can be improved. It's something that they need to work on."
"Elastic sometimes does not correctly identify threats or anomalies. It might not classify an issue as malicious or critical accurately."
"We do have a Denial of Access happening."
"Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features."
"I had a case where I spent three or four hours working deeply with a customer to explain how to work with eDiscovery, why Content Search is not there when it was before, what is an eDiscovery case, and why we are talking about all of this just to review a list of kept emails."
"We are still in the early stages of leveraging Microsoft Purview Audit. Currently, it's primarily used for the audit function."
 

Pricing and Cost Advice

"Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year. I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement."
"Compared to other tools, Elastic Security is a cheaper solution."
"When compared to other products, the price is average or on the low side."
"We use the open-source version, so there is no charge for this solution."
"This is an open-source product, so there are no costs."
"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
Information not available
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Comms Service Provider
9%
Financial Services Firm
9%
Government
8%
Manufacturing Company
8%
Financial Services Firm
13%
Computer Software Company
11%
Construction Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business40
Midsize Enterprise12
Large Enterprise15
No data available
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What is your experience regarding pricing and costs for Elastic Security?
I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.
What needs improvement with Elastic Security?
I do not have any specific recommendations for improvements in Elastic Security, but I feel that the AI module should get more mature. These machine learning algorithms become better with time; as ...
What is your experience regarding pricing and costs for Microsoft Purview Audit?
It is not so expensive in comparison with other products, but I can tell you about an example.
What needs improvement with Microsoft Purview Audit?
I have seen areas for improvement, specifically in Microsoft Purview Audit or in general about Microsoft. I have had a situation with documentation. I had a customer who wanted to create alerts and...
What is your primary use case for Microsoft Purview Audit?
I work with Defender for IoT by chance because I see that we have enough reviews for Defender for Office 365 today, and we need reviews for some Azure products. I work with Azure products such as L...
 

Also Known As

Elastic SIEM, ELK Logstash
No data available
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Information Not Available
Find out what your peers are saying about Elastic Security vs. Microsoft Purview Audit and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.