I'm on the hunt for a new SIEM solution as we're currently using Defender XDR and Sentinel. I've been looking into options like Huntress and Ninja One, but I'm curious if anyone has other recommendations. Ideally, the solution should be compatible with Kaseya products.
5 Answers
Splunk is a heavy hitter, especially if you don’t need a managed SOC. If you’re looking for that full MDR experience, Arctic Wolf is good but don’t expect too much beyond the basics. I had a bad experience with Critical Start—terrible support!
Huntress comes highly recommended, but just a heads up, their SIEM aspect was a bit raw last I checked—definitely not ready for prime time. They do offer log aggregation which might be useful, but not much for in-house management like what you’d get with Sentinel.
Ninja One is actually an RMM, not a SIEM, so you might want to check out Arctic Wolf instead. I’ve been very satisfied with their service, especially for larger networks.
I've been using Graylog and it has been fantastic! It's great for alerting and logging, plus the dashboards are pretty easy to set up. You might find it useful for your needs as well.
If keeping costs low is a priority, I’d suggest checking out Cribl first. They're not a complete SIEM but have some great log management features. Gravwell is also a newer contender that's worth a look.
I looked into Cribl too and was impressed, but I don't think they offer full SIEM functionalities yet.
Totally agree! Their SIEM features feel more like log aggregation than a full-fledged SIEM. If you want in-depth analytics and custom dashboards, you might want to keep looking.