My main use case for Falcon LogScale is using it as a SIEM to collect logs. I collect all firewall logs and Active Directory logs through Falcon LogScale as a SIEM for collecting logs.
CrowdStrike Falcon LogScale: Log Management
CrowdStrikeExternal reviews
18 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Improved log visibility has simplified troubleshooting across firewall and directory events
What is our primary use case?
What is most valuable?
Falcon LogScale offers excellent features, with scalability being the most notable. The search speed stands out to me as particularly good. Falcon LogScale has positively impacted my organization by providing visibility of the logs, making it easier for us to troubleshoot any issues. The visibility makes troubleshooting easier overall because you can see the logs.
What needs improvement?
I do not see any improvements needed for Falcon LogScale at this time.
For how long have I used the solution?
I have been using Falcon LogScale for one year.
What do I think about the stability of the solution?
Falcon LogScale is stable.
What do I think about the scalability of the solution?
Falcon LogScale's scalability is straightforward; you simply connect it to different log resources and that is all that is required.
How are customer service and support?
Falcon LogScale's customer support is great. I would describe my experience with their customer support as responsive and helpful. I would rate the customer support a 10 on a scale of one to 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution before Falcon LogScale.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that it is straightforward, and the cost is quite low.
Which other solutions did I evaluate?
Before choosing Falcon LogScale, I did not evaluate other options.
What other advice do I have?
My advice to others looking into using Falcon LogScale is that it is easy to use and very efficient. I would rate this review a 9 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
AI-powered fast search and data retention boosts efficiency and reduces storage costs
What is our primary use case?
Initially, the log was for log management. We store our logs for achieving compliance and log retention for longer periods. This function, LogScale, is now a platform where we can do correlation as well. It has become a next-generation SIM.
How has it helped my organization?
The solution definitely saves us time because it has a Google-like search. We can pull out log information in seconds, whereas traditional solutions would take hours or days. Additionally, the compression ratio is very high, which means our storage costs are minimal.
What is most valuable?
The fast search and index-free data retention are very valuable. The platform now works on an AI and ML-based engine, and we can analyze anything that is stored.
What needs improvement?
The integration could improve. Easy parser writing should be an option to ingest log in a human-readable format for unsupported devices. For visibility perspective, the dashboard should be more user-friendly. It should visualize what is happening in the complete ingestion, showing how many log sources there are, data volumes, and use cases or correlation rules triggered based on AI and ML analytics.
For how long have I used the solution?
We have used LogScale for approximately one and a half years.
What do I think about the stability of the solution?
Stability is good. I would rate it nine out of ten.
What do I think about the scalability of the solution?
Currently, scalability needs improvement in the visualization and representation of LogScale. The integration needs to be dimensioned.
How are customer service and support?
CrowdStrike support is good, but in some cases, it takes time to resolve on-premises solutions. I would rate the support seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
There are no previous solutions mentioned.
How was the initial setup?
If the user wants to install it in their infrastructure on-premises, it's complex. If they are using a cloud as a SaaS service, it is easy.
What's my experience with pricing, setup cost, and licensing?
The pricing is average. I would rate it six or seven out of ten.
Which other solutions did I evaluate?
What other advice do I have?
LogScale can be used across all company segments.
I'd rate the solution eight out of ten.
Fast search results, transformative data analysis, and easy to set up
What is our primary use case?
How has it helped my organization?
The traditional SIEM could not cope with the indexing algorithm, but with Falcon LogScale, we can get the result within a few seconds when we search for a keyword.
What is most valuable?
One of the key features is the fast search functionality, enabling us to get results within a few seconds.
What needs improvement?
So far, there are no features in need of improvement. The price could be lower.
For how long have I used the solution?
I've been working with LogScale for about half a year.
What do I think about the stability of the solution?
There don't appear to be any complexities with stability. The rating for stability is nine out of ten.
What do I think about the scalability of the solution?
I rated scalability as eight. It has the ability to scale well.
How are customer service and support?
Customer service is rated nine out of ten. So far, so good.
How would you rate customer service and support?
Positive
How was the initial setup?
The setup process was simple. We managed to get it done within a day.
What's my experience with pricing, setup cost, and licensing?
The pricing could be lower.
Which other solutions did I evaluate?
The main competitor on the market is Splunk.
What other advice do I have?
I'd rate the solution eight out of ten.
A highly commendable and robust solution offering powerful features and comprehensive log data management
What is our primary use case?
As an MSSP company, we work with various products and tools, including Falcon EDR and Falcon LogScale by CrowdStrike. We handle the configurations, integrations, and other tasks related to these tools on our tenant. We also create dashboards, perform quarantines, and use it for log management and fast data access.
How has it helped my organization?
It allows us to efficiently manage and store our data. Its compression and archiving features not only reduce storage costs but also minimize the infrastructure resources needed for data backup. Since we have multiple security solutions in place, it allows us to streamline data handling. We can selectively send security-related events to the SIEM while directing other non-security events from various tools to Falcon LogScale. This flexibility ensures that we have access to all the data we need when required, and we can easily export this data from it as necessary, optimizing our data management and making it readily available for analysis or other purposes.
What is most valuable?
It has an impressive data retention capability, allowing you to collect and store data for up to a year. Also, its data retrieval speed is remarkable, taking just a fraction of a second to access the information you need. This combination of extensive data retention and quick data retrieval sets it apart from other log management tools I've worked with in the past. It offers the capability to view live log ingestion directly from the console which means you can seamlessly manage live log data ingestion alongside accessing and analyzing older data from the past.
What needs improvement?
There are some overlapping features found in multiple tools.
For how long have I used the solution?
We have been using it for a year now.
What do I think about the stability of the solution?
The solution remains stable without any notable issues. It performs exceptionally well when dealing with substantial data ingestion. Retrieving data from one or two months ago is virtually instantaneous.
What do I think about the scalability of the solution?
As a relatively small organization, we haven't had the chance to deploy and scale it yet. Our daily data ingestion is relatively modest, typically around fifteen to twenty GB and we don't have subsidiary branches where we can replicate the same LogScale environment for further scaling. However, we are open to exploring potential opportunities for expansion in the future.
How are customer service and support?
Around six months ago, we engaged in a workshop with one of CrowdStrike's Subject Matter Experts. During this session, they provided us with an overview of their products, explaining how they function, their capabilities, and the new features that had been added.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've had experience working with Global Chronicle, Sumo Logic, and Splunk, including an Indian tool. In comparison to these solutions, Falcon LogScale appears to be a well-rounded and efficient solution. It excels in certain areas where others fall short, making it a strong choice for log management in my experience.
How was the initial setup?
The initial set up is straightforward, and its operation is easily comprehensible. You can swiftly deploy it on your own without much complexity.
What about the implementation team?
For on-premises deployment, you'll require a dedicated server with specific backend requirements and you'll need to obtain the OVFA from CrowdStrike LogScale. While we haven't had the chance to perform an on-premises deployment, based on my knowledge and the available documentation, the process is estimated to take around thirty to forty-five minutes to complete.
What other advice do I have?
I would suggest that, based on your organization's log management needs, if you're already using an SIEM solution, you can complement it with Falcon LogScale for extended data ingestion and storage. It provides flexibility, allowing you to customize data retention based on your specific requirements and organizational compliance standards. You can tailor data ingestion to send security-related alerts to the SIEM while storing other logs for future use. Its capacity to handle vast amounts of data ingestion and provide lightning-fast query capabilities is a significant advantage. I would rate it nine out of ten.
A good tool but not recognized in the Cybersecurity domain anymore.
What do you like best about the product?
It possessed substantial power and incorporated regular expression (regex) support to elevate its capabilities for searching, hunting, and troubleshooting.
What do you dislike about the product?
Doesn't appear to be a widely recognized or commonly known term or tool in the realm of cybersecurity or technology.
What problems is the product solving and how is that benefiting you?
We're highly satisfied with Logscale as it significantly improves search performance, enabling us to handle larger data sets more efficiently. While Logscale currently offers fewer integrations compared to Splunk, this is changing over time. Another advantage is the option to develop custom apps when necessary. We chose the Logscale Complete Route for our transition.
Humio gives me the convenience to ingest our 1 TB of log volume on each node
What do you like best about the product?
Humio provides superb data aggregation reports thanks to its well-rounded observability framework. Its relatively easy to explore, iterate and understand all our logs and also offers excellent compatibility for our hybrid cloud deployments. We can easily pinpoint security concerns in any environment and it makes it simple to perform RCA.
What do you dislike about the product?
There's a dependency on ingest listeners while working with our Syslog data in Humio platform. Without these, Humio SaaS won't be able to accept logs from Syslog. Apart from this, we didn't encounter any hurdles while working with the Humio platform for container solutions.
What problems is the product solving and how is that benefiting you?
Container visualization is beneficial for our security team using Humio we can easily observe health check routines, capacity thresholds and drifts from the expected outcomes. The compression algorithm effectively optimizes available data size in clusters and the ratio between disks & CPU resources. We are able to manage about 1 TB of ingest log volume per day on each node which is helpful for our production setup of clustered version as per our client's specifications. Its comprehensive border security features encompass all structured & unstructured data, making it easy to analyze and correlate data in our hybrid cloud infrastructure.
Good tool for looging
What do you like best about the product?
Like the parsing tool, it's really useful when it comes to debug some errors.
What do you dislike about the product?
Hard to say, but maybe the one thing is to make some prompts when you type the application name or just some other params.
What problems is the product solving and how is that benefiting you?
Solving related logging and especially when it comes to parsing our logs to find out particular problems.
Amazingly fast and superb documentation
What do you like best about the product?
The easy integration with existing systems using raw syslog or elastic bulk ingest api and their Grafana plugin. And of course the price. Very cheap compared to other enterprise similar products.
What do you dislike about the product?
While there is a very good and comprehensive online documentation for the entire product, it is also a lot to read up on just to be able to do somewhat basic searches and alerting. But once you get a hang of it, it is no problem at all.
No pre-made parsers for syslog data, so you will most likely have to make a few parsers that breaks the log data down into individual searchable fields yourself.
No pre-made parsers for syslog data, so you will most likely have to make a few parsers that breaks the log data down into individual searchable fields yourself.
What problems is the product solving and how is that benefiting you?
We are in the process of moving all of out logging to Humio, and are already using it for alerting and in operations.
Solid Service for monitoring production applications
What do you like best about the product?
Humio provides quick access to our system logs. Quick to get up and running as a user
What do you dislike about the product?
Lack of customisation, in particular, custom views for log where some fields are more relevant than others
What problems is the product solving and how is that benefiting you?
Faster more reliable access to logging systems.
Great Service!
What do you like best about the product?
Their query language is pretty solid and the data ingest performance is much more consistent than competing services.
What do you dislike about the product?
The interface is sometimes a bit confusing, but it's understandable due to the complexity.
What problems is the product solving and how is that benefiting you?
We are able to handle large amounts of data much more efficiently than we could with previous systems.
showing 1 - 10