Improvements are needed in the solution in areas like SOAR and TIP, where there are certain shortcomings. When it comes to Elastic Stack, it doesn't matter if the product is mature or professional, like the other vendors in the market who offer TIP tools. Elastic Stack needs to have some features similar to the other tools that offer SOAR and TIP functionalities. From an improvement perspective, Elastic Stack's support team should have more people with expertise, and the response time should be minimized. There are no SOC analysts available at Elastic Stack's support team's end to resolve big or major issues. Small issues in the product can be resolved quickly by going to the availability of an online community from Elastic Stack's end, which is friendly and useful. The product lacks automation capabilities, making it an area where improvements are required. The product should also be able to integrate with multiple tools that offer TIP functionalities.
The main issue related to Elastic Stack is in the area of its licensing. The licenses of the product have changed, and the community-driven open-source fork of Elasticsearch has created a lot of issues in terms of compatibility between the products, which is not nice. The aforementioned areas are to be considered for improvement in the product.
From what I have heard about the solution from other sources, I know that there were some issues with pushing data from other sources to Elastic Stack, making it the solution's only shortcoming that needs improvement. When people try to move the data from another source to Elastic Stack for visualization, they face challenges when connecting to Elastic Stack from such different sources. The aforementioned details can be considered for improvement in the solution.
The implementation of dashboards in the solution needs to be made easier. Last year, I implemented dashboards with the help of Docker's compose file, and I had some issues with the ports and configuration since it was kind of complex to implement with Docker. The product's dashboard and maintenance are two areas that need improvement.
It consists of Elasticsearch, Kibana, Beats, and Logstash (also known as the ELK Stack) and more. Reliably and securely take data from any source, in any format, then search, analyze, and visualize.
Built on a foundation of free and open, Elasticsearch and Kibana pave the way for diverse use cases that start with logging and span as far as your imagination takes you. Elastic features like machine learning, security, and reporting compound that value — and since they’re made for Elastic,...
The tool's pricing can be improved.
It lacks a clear NDR (Network Detection and Response) feature. If Elastic could enhance this aspect, it would significantly boost its capabilities.
Elastic Stack should work on its dashboards and integration process.