No more typing reviews! Try our Samantha, our new voice AI agent.

Security Onion vs Sumo Logic Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Security Onion
Ranking in Log Management
25th
Average Rating
7.2
Reviews Sentiment
7.1
Number of Reviews
4
Ranking in other categories
No ranking in other categories
Sumo Logic Security
Ranking in Log Management
21st
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
25
Ranking in other categories
Security Information and Event Management (SIEM) (21st), Security Orchestration Automation and Response (SOAR) (14th)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of Security Onion is 1.9%, down from 5.0% compared to the previous year. The mindshare of Sumo Logic Security is 1.3%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Sumo Logic Security1.3%
Security Onion1.9%
Other96.8%
Log Management
 

Featured Reviews

HJ
Manager at teshama
Centralized threat monitoring has improved visibility but demands complex setup and configuration
The best features Security Onion offers include acting as the intrusion detection system in my organization and helping me to address traffic, logs, and events happening within the organization. Since Security Onion is an open-source system that integrates with tools like Suricata and Zeek with the ELK stack, it enables threat detection and response capabilities, delivering high-level security measures at a cost, making it suitable for businesses of varying skill levels. These integrations with Suricata and Zeek have greatly impacted our workflow and our team's effectiveness by helping us address issues such as identifying intrusions, evaluating threats, and overseeing log files. This tool is very cost-effective, making it suitable for any size of organization wanting to use it.
MR
Senior Security Analyst at City Electric Supply Company
Security insights have enabled faster incident response and streamlined cross-team collaboration
To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works. I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS. I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature. My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Security Onion for security monitoring is its ability to find infected ports."
"We use Security Onion for internal vulnerability assessment."
"Security Onion has positively impacted my organization by greatly improving our security posture, making alert triage easier to handle, simplifying the analysis of threats, and decreasing the cost of threat analysis and detection."
"Security Onion is the most mature solution in the market."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"Compared to other tools, I prefer the UI much better as it categorizes data very well for me."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"The Log Analytics platform is the most effective. If we cannot find the data in other tools, like email security or NDR, we can fetch those logs in the Log Analytics platform of Sumo Logic."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"The troubleshooting part of Sumo Logic has solved a lot, e.g., if there is any downtime on the website, so we have reduced our downtime by a lot with Sumo Logic because we can easily troubleshoot issues."
 

Cons

"For Security Onion, setting up and configuring the system can be quite challenging for newcomers due to the need for a grasp of networking and security concepts."
"The initial setup of the solution is a little bit difficult."
"The product is not easy to learn."
"Security Onion's user interface could be improved."
"The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"A more transparent roadmap as to what Sumo Logic Security is trying to achieve would be beneficial. Sumo often gives information in three-month cycles, which makes it hard for planning purposes."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"The pricing is a little high, but for the features that we receive from Sumo Logic, it suits the price."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
 

Pricing and Cost Advice

"Security Onion is an open-source solution."
"It is an open-source solution."
"Security Onion is a free solution."
"The license pricing model is based on the events that are processed through the solution."
"The pricing is good. It's not an issue for us."
"If we went to ELK Stack, which is open source, it would have been less costly, but it would have required more development from our side."
"I don't pay the bill. I've heard the AWS Marketplace pricing is high, but I like the value."
"The product is costly."
"We chose to go through the AWS Marketplace because it makes it a lot easier when we bill our customers. Rather than having to get multiple different sources of information then correlate a monthly bill for our customers, it is just included in the AWS usage charges."
"Purchasing the solution through the AWS Marketplace is very easy."
"The pricing is a little high, but for the features that we receive from Sumo Logic, it suits the price. For some small organizations, the price might be a little high."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
University
12%
Comms Service Provider
11%
Government
10%
Computer Software Company
7%
Manufacturing Company
12%
Financial Services Firm
11%
Outsourcing Company
10%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise16
 

Questions from the Community

Ask a question
Earn 20 points
What is your experience regarding pricing and costs for Sumo Logic Security?
I would say that the pricing for Sumo Logic Security is in the medium part of the market. If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to fin...
What needs improvement with Sumo Logic Security?
I would say there are a few more things that Sumo Logic Security can improve on. It is not the tool; it is a technical part. From the app point of view, I would say when we need to include a few la...
 

Overview

Find out what your peers are saying about Security Onion vs. Sumo Logic Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.