Competitors

| Area | Energy Logserver | Elastic Stack | Open Distro | Splunk |
|---|---|---|---|---|
| Licensing | Ability to buy perpetual license with professional support or subscription | Only subscription | Apache 2.0 | Only subscription |
| Licensed objects | Only Data nodes | Data nodes + Master nodes. !!! Elastic is turning into resource based license -> JVM based !!! | None | GB of data per day |
| Licensed features | All features included | Gold features / Premium features | None | Standard / Premium features |

Vendor support No limits for service requests.
Directly assigned consultants/engineers.
100% oriented on customer individual needs.
No separation on different license plans
Limits for number of service requests. General Git issues.
No individual approach
Premium plan only for 500GB+/day license Support depending on license plan Direct contact available only for Premium clients No install support from professional services
Individual approach for each customer Customers have real impact on end product.
Building unique functionalities on customer request or with a customer team.
Dedicated solution for customer’s architecture.
Consultancy for complex deployments.
Always individual approach for customer.
Strict development.
Limited to tools already released.
No changes for individual clients' needs
Limited to tools already released No deployment support. Strict development Limited to tools already released No change for individual clients' needs
Version 6.x now, 7.x available in Feb 2020 7.x 7.x Splunk 8
Update procedure Easy update for software Complexity of data transposition depends on changes in Elasticsearch Full support for update procedure Stable releases No support for update procedure Community instructions No support Only paid professional services
Issue and bug solving Dedicated engineer for fixing issue Live vendor communication with customer Work to understand issue and help with developing fix. Git issues No support Direct Access to Advanced Support Team only for Premium support plan
Direct contact with vendor Direct continuous contact with EMCA engineers. The possibility of on-site work. Vendor engineers are not involved in the process of implementing the customer's system. Git/Forum communication only. No support regarding implementation Only paid professional services or for Premium support plan
Feature comparison

| Area | Energy Logserver | Elastic Stack | Open Distro | Splunk |
|---|---|---|---|---|
| Default parsing rules | Available | Not available | Not available | Available |
| Technology Dashboards | Available | Not available | Not available | Available with addons |
| Alerting rules | Available | Not available | Not available | Not available |
| Risk management | Available | Not available | Not available | Not available |
| Playbooks | Available | Not available | Not available | Not available |
| Blacklist | Out of the box | Needs implementation | Needs implementation | Needs implementation or Extra license for SIEM app |
| Incident management | Out of the box | Not available | Not available | Extra license for SIEM app |
| Reporting feature | Available | Available | Not available | Available |
| User Management, RBAC | Local, AD, Radius, SSO | Local, AD, Radius, SSO | Local, AD, SSO | Local, AD, SSO |
| AD Bind password encryption | Yes | No | No | No |
| Internal audit | Available | Available | Available | Available |
| Object permission | Available | Basic | Not available | Available |
| Clustering setup | Easy | Easy | Easy | Advanced |
| SIEM features | Strong with Wazuh integration | Strong with Wazuh integration | Strong with Wazuh integration | Complicated and needs another license |
| Netflow support | Out of the box | Needs implementation | Needs implementation | Needs implementation |
| Central Agent Management | Fully supported | Basic feature, only for configuration tags | Not available | Fully supported |
| Vendor lock | Easy change to open source or different provider | Easy change to open source or different provider | Easy change to open source or different provider | Full vendor lock risk with additional aggressive pricing. |