Just as it says, I am looking for honest reviews of Chronicle Security as a whole: the product itself, and a straightforward answer on how they do pricing based on total users in an organization. Good-faith user count estimates? Count of user names in logs?

My company is an MSSP looking to replace a popular legacy SIEM (you can probably guess). We use our own proprietary reporting and incident/case aggregation tool on top of whatever security products we manage, and our customers have access to those. In particular, we would like a tool or combination of tools that can act as a data lake for ultra fast searching and more than a month of searchable data. We also need the capability to easily do IOC alerting and create custom detections. We also would like the ability to give the customer accounts on the backend DataLake/SIEM we decide on.

So far, Chronicle fits the description the best, however I haven’t heard from any sales representative after multiple requests the past few weeks. I’m surprised, I’d expect sales to be on top of new customers or potential partners. Chronicle honestly looks like a fantastic security product.

Some of you will probably ask if we have tried various other SIEMs/XDRs, so I will list what we will try and what doesn’t quite fit what we need as an MSSP.

Various Elastic SIEMs: We use one for some other customers, and aren’t interested in expanding beyond what exists due to the new Elastic License restrictions. We’ve also experienced abnormal failures with the product. Many seem to offer only 1 month of hot searchable data.

Rapid7 InsightIDR: We are interested in doing a POC.

Splunk: Too expensive, overrated imo.

Sentinel: I personally love it, but our customers don’t have an Azure-only ecosystem, and I have heard it is on the expensive side (I don’t have a quote myself).

Palo Alto Cortex DataLake + XDR: We are interested in POCing and getting estimates.

FortiSIEM: Initially we liked the MSSP capabilities, however we have found that rule tuning will fail for unknown reasons.
