We performed a comparison between Google Chronicle Suite and Logz.io based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"It's pretty powerful and its performance is pretty good."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The log folder is fairly simple."
"The tool's most valuable feature is the search option, allowing easy navigation."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The support team is responsive."
"Google Chronicle Suite provides useful APIs."
"We use the product for log collection and monitoring."
"The tool is simple to setup where it is just plug and play. The tool is reliable and we never had any performance issues."
"We use the tool to track the dev and production environment."
"It is massively useful and great for testing. We can just go, find logs, and attach them easily. It has a very quick lookup. Whereas, before we would have to go, dig around, and find the server that the logs were connected to, then go to the server, download the log, and attach it. Now, we can just go straight to this solution, type in the log ID and server ID, and obtain the information that we want."
"InsightOne is the main reason why we use LogMeIn. This is mostly because of log data that we are pushing tools and logs in general."
"The query mechanism for response codes and application health is valuable."
"The visualizations in Kibana are the most valuable feature. It's much more convenient to have a visualization of logs. We can see status really clearly and very fast, with just a couple of clicks."
"The other nice thing about Logz.io is their team. When it comes to onboarding, their support is incredibly proactive. They bring the brand experience from a customer services perspective because their team is always there to help you refine filters and tweak dashboards. That is really a useful thing to have. Their engagement is really supportive."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The product's default dashboard feature has a few limitations regarding availability."
"The solution's graphical user interface (GUI) should be more user-friendly."
"The configuration is not optimal."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The tool is complicated for a first-time user. It should also include newer APIs."
"A few areas are difficult to understand for someone who has less experience using the product."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"I would like granularity on alerting so we can get tentative alerts and major alerts, then break it down between the two."
"The solution needs to improve its data retention. It should be greater than seven days. The product needs to improve its documentation as well."
"The solution needs to expand its access control and make it accessible through API."
"When it comes to reducing our troubleshooting time, it depends. When there are no bugs in Logz.io, it reduces troubleshooting by 5 to 10 percent. When there are bugs, it increases our troubleshooting time by 200 percent or more."
"Capacity planning could be a little bit of a struggle."
"I would like them to improve how they manage releases. Some of our integrations integrate specifically with set versions. Logz.io occasionally releases an update that might break that integration. On one occasion, we found out a little bit too late, then we had to roll it back."
"The product needs improvement from a filtering perspective."
"The price can be cheaper and they should have better monitoring."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Logz.io is ranked 27th in Security Information and Event Management (SIEM) with 8 reviews. Google Chronicle Suite is rated 7.8, while Logz.io is rated 8.2. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of Logz.io writes "The solution is a consistent logging platform that provides excellent query mechanisms". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, IBM Security QRadar and Elastic Security, whereas Logz.io is most compared with Datadog, Wazuh, Coralogix, Splunk Enterprise Security and Grafana Loki. See our Google Chronicle Suite vs. Logz.io report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.