5.0 out of 5.0 (1 ratings)

We have aggregated ratings data on Graylog but all of our reviewers have opted out of sharing their qualitative review feedback. In certain cases we allow reviewers to withhold their qualitative review feedback from public view, in order to protect their confidentiality.
  • 5 out of 5.0, Reviewed

    Product(s): Graylog

    Graylog - A Splunk-like SIEM with real potential.

    Overall Comment

    Product is quick to implement and extend existing log collection capabilities. Not a closed system, so was simple to adapt.

    What one piece of advice would you give other prospective customers?

    Focus more on getting the logs into the system than compliance. Without user buy-in, collecting certain application logs was a non-starter. Granting users access into their own logs from one central location was key in the deployment.

    What do you like most about the product or service?

    Log visualization, cost, speed of improvements to the software.

    What do you dislike most about the product?

    Lack of canned extractors to support specific application (Oracle Database, OIM, Cisco ASA, etc) logs.

    What one thing do you wish the vendor did differently?

    Multi-datacenter capabilities are there, but I was not satisfied with the deployment strategies for doing so, which led to separate deployments for separate datacenters.

    If you could start over, what would your organization do differently?

    Initial purchase proved viability of log collection and will likely extend budget further for SIEM tools.

    Product capabilities - overall comment

    Graylog is very comparable to tools like Splunk at a much lower TCO. While there are many capabilities that are less refined, the price point reflects that. The most useful capability I've found so far has been the alerting, which has been helpful everywhere from having application owners given the ability to generate alerts on application failures (LDAP timeouts, etc) to security incidents (failed logins, successful logins, etc). Being able to plot these on a graph is exceptional and something that opened a lot of eyes to a true SIEM in our environment.

    Service & support - overall comment

    Use of support has been minimal, but is available. Every time I've had to contact support, they've been quick with responses and helpful.

    Integration & Deployment - Overall comment

    Was able to quickly integrate with AD for user authentication and authorization. Unfortunately, the only way to restrict access was to create new streams and grant access to users stream by stream. This is inefficient and does not scale well with hundreds of streams. Hopefully a role-based access control option is available in the future (Grant access to stream to role, assign users to roles or pull roles from AD).

    4 of 4 peer(s) found this review helpful.


Ratings Overview


Evaluation & Contracting

Overall rating of product evaluation and contract negotiation

(1)
4.0

Timely and complete response to product questions

(1)
5.0

Pricing and contract flexibility (pricing and terms)

(1)
5.0

Integration & Deployment

Overall rating of integration and deployment

(1)
3.0

How long did your deployment take?

0 - 3 months (<3)


Availability of quality 3rd-party resources (integrators, service providers, etc.)

(1)
4.0

Quality and availability of end-user training

(1)
2.0

Ease of deployment

(1)
5.0

Service & Support

Did you purchase a support package from the vendor?

No


Timeliness of vendor's response

(1)
5.0

Quality of technical support

(1)
4.0

Quality of peer user community

(1)
5.0

Product Capabilities

Overall rating of product capabilities

(1)
4.0

Real-Time Monitoring

(1)
5.0

Threat Intelligence

(1)
2.0

Data and User Monitoring

(1)
4.0

Application Monitoring

(1)
3.0

Analytics

(1)
5.0

Log Management and Reporting

(1)
4.0

Deployment/Support Simplicity

(1)
5.0

Additional Context

What was the nature of your involvement?

Application Lead

Maintenance and Support

Rollout and Install

Technical Assessment

Vendor/Product Selection


Why did you purchase a Security Information Event Management solution?

Enable/improve log collection, reporting and retention capabilities

Enable/improve security event alerting, investigation

Enable/improve tracking access to and activities related to databases, applications

Meet customer or business partner expectations about your security monitoring program

Reduce costs for threat management operations


What other vendors were considered?

AlienVault

Splunk


What were the key factors that drove your decision for selecting the vendor?

Overall cost

Pre-existing relationships

Product roadmap and future vision

Strong technical/product support

Strong user community


In which region(s) did your deployment take place?