|Area||Energy Logserver||Elastic Stack||Open Distro||Splunk|
|Licensing||Ability to buy perpetual license with professional support or subscription||Only subscription||Apache 2.0||Only subscription|
|Licensed objects||Only Data nodes||Data nodes + Master nodes. !!! Elastic is turning into resource based license -> JVM based !!!||None||GB of data per day|
|Licensed features||All features included||Gold features / Premium features||None||Standard / Premium features|
|Vendor support||No limits for service requests. Directly assigned consultants/engineers. 100% oriented on customer individual needs. No separation on different license plans.||Limits for number of service requests.||General Git issues. No individual approach.||Premium plan only for 500GB+/day license. Support depending on license plan. Direct contact available only for Premium clients. No install support from professional services.|
|Individual approach for each customer||Customers have real impact on end product. Building unique functionalities on customer request or with a customer team. Dedicated solution for customer's architecture. Consultancy for complex deployments. Always individual approach for customer.||Limited to tools already released. No changes for individual clients' needs.||Limited to tools already released. No deployment support.||Strict development. Limited to tools already released. No change for individual clients' needs.|
|Version||6.x now, 7.x available in Feb 2020||7.x||7.x||Splunk 8|
|Update procedure||Easy update for software. Complexity of data transposition depends on changes in Elasticsearch. Full support for update procedure. Stable releases.||No support for update procedure. Community instructions.||No support||Only paid professional services|
|Issue and bug solving||Dedicated engineer for fixing issue. Live vendor communication with customer. Work to understand issue and help with developing fix.||Git issues No support||Direct Access to Advanced Support Team only for Premium support plan|
|Direct contact with vendor||Direct continuous contact with EMCA engineers. The possibility of on-site work.||Vendor engineers are not involved in the process of implementing the customer's system.||Git/Forum communication only. No support regarding implementation||Only paid professional services or for Premium support plan|
|Default parsing rules||Available||Not available||Not available||Available|
|Technology Dashboards||Available||Not available||Not available||Available with addons|
|Alerting rules||Available||Not available||Not available||Not available|
|Risk management||Available||Not available||Not available||Not available|
|Playbooks||Available||Not available||Not available||Not available|
|Blacklist||Out of the box||Needs implementation||Needs implementation||Needs implementation or Extra license for SIEM app|
|Incident management||Out of the box||Not available||Not available||Extra license for SIEM app|
|Reporting feature||Available||Available||Not available||Available|
|User Management, RBAC||Local, AD, Radius, SSO||Local, AD, Radius, SSO||Local, AD, SSO||Local, AD, SSO|
|AD Bind password encryption||Yes||No||No||No|
|Object permission||Available||Basic||Not available||Available|
|SIEM features||Powerful functionality available in the SIEM Plan package||Strong with Wazuh integration||Strong with Wazuh integration||Complicated and needs another license|
|Netflow support||Out of the box||Needs implementation||Needs implementation||Needs implementation|
|Central Agent Management||Fully supported||Basic feature, only for configuration tags||Not available||Fully supported|
|Vendor lock||Easy change to open source or different provider||Easy change to open source or different provider||Easy change to open source or different provider||Full vendor lock risk with additional aggressive pricing.|