We performed a comparison between Elastic Security and ThreatConnect Threat Intelligence Platform (TIP) based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The solution is quite stable. The performance has been good."
"ELK documentation is very good, so never needed to contact technical support."
"It's very stable and reliable."
"The performance is good and it is faster than IBM QRadar."
"ThreatConnect has a highly user-friendly interface."
"The product automatically generated a threat score based on the maliciousness of an IP."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The most valuable features are ease of use and the ability to customize it."
More ThreatConnect Threat Intelligence Platform (TIP) Pros →
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The product can be improved by reducing the cost to use AI machine learning."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
"Email notification should be done the same way as Logentries does it."
"We'd like better premium support."
"Integration is an area that could use some improvement."
"It would be good to have more feeds and more integrated sources for enrichment."
"I couldn’t get any training videos online when I was working with the tool."
"They should make it a little bit easier to generate events and share them with the community"
More ThreatConnect Threat Intelligence Platform (TIP) Cons →
More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →
Elastic Security is ranked 6th in Security Orchestration Automation and Response (SOAR) with 59 reviews while ThreatConnect Threat Intelligence Platform (TIP) is ranked 19th in Security Orchestration Automation and Response (SOAR) with 4 reviews. Elastic Security is rated 7.6, while ThreatConnect Threat Intelligence Platform (TIP) is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "The tool could be integrated into any environment, but it was expensive, and the deployment process was complex". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas ThreatConnect Threat Intelligence Platform (TIP) is most compared with Anomali ThreatStream, Recorded Future, ThreatQ, Palo Alto Networks Cortex XSOAR and Anomali Match.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
