We want to deploy Elastic SIEM and don't know what to choose: Enterprise or Free?
What is the difference in implementation or performance for Security?
I read the docs; they mention Machine Learning, External Alerting and searchable snapshots...
Could you share if you had any trouble with deploying, or anything else, with Elastic SIEM?
Besides what you mentioned, you also won't have LDAP or SSO support.
If you want to share collected data with other teams, then also creating roles and granting permissions is limited.
To overcome the external alerting limitation, Elastalert2 needs a bit of setup, but might be a way out.