We just raised a $30M Series A: Read our story

Which SIEM for small and medium-sized companies do you consider the most economical?


Hi community,

Which SIEM for small/medium-sized companies do you consider the most economical?

Splunk, Security Onion, UTMStack, other? What do you like about it vs other ones?

ITCS user
312 Answers

author avatar
ExpertModeratorReal User

Personally, the way I have analyzed is depending on the requirement of the organization and size of logs to be analyzed I have used the tools mentioned below for Small and medium-sized enterprises. Also, I do check for the below-mentioned minimum criteria:

-Real-Time Monitoring and Alerting.
-User Activity Monitoring.
-Use Case Investigations.
-Threat Detection Across the Environment.
-Long-Term Event Storage.



-AlienVault USM



author avatarGiusel

@Shibu Babuchandran UTMStack is a free Next-Gen SIEM and compliance platform that includes all the essential cybersecurity services, flatting the learning curve and reducing cybersecurity costs to small and medium-sized enterprises. Also, it includes all those features that you mention before. 

author avatarEvgeny Belenky
Community Manager

@Giusel please avoid "sales/marketing" pitches towards the IT Central Station community. 
In addition, the tool isn't free but has a free community edition only. Am I wrong? Let's operate with technical facts. Thanks for respecting our Guidelines (please see section "Help Others").

author avatarGiusel

@Evgeny Belenky UTMStack delivers a free version all the time if the enterprises decide it. 
This version contains all the UTMStack functions, but the log retention is for 30 days, and Support is community-based in the user community.

author avatarEvgeny Belenky
Community Manager

@Giusel thank you for your response!

Also, I suggest making it clear to the community: the company is a vendor (for profit). One of the options offered by the company is the Community edition and it's free.

The next question that I would like to ask you along with other community professionals, is whether having the log retention for 30 days is sufficient enough and makes sense for an enterprise. What is the best practice?

author avatarGiusel

@Evgeny Belenky Log retention for 30 days is usually enough for most small and medium-sized businesses looking for threat management and detection capabilities. 

One popular example of this is Alienvault OSSIM which also has 30 days of retention. 

More than 30 days is usually required when organizations are looking for compliance certifications like HIPAA or GLBA. In this case, they can archive this by backing up the logs older than 30 days from the UTMStack server. 

The only real differentiation between the enterprise and community versions are the automated management and archiving of logs older than 30 days and the support provided, but you can actually accomplish the same things with the free edition with some legwork smile :)

author avatarDavid Swift
Top 5Real User

@Shibu Babuchandran Splunk gets expensive as your size grows. It's the St. Bernard puppy.  
ELK Metron, Greylog are the common entry log collectors if you have a minimal budget. But I would suggest small organizations should look to partner with an MSSP for managed SOC/SIEM services and Incident Response to supplement staffing.

author avatarGiusel

@David Swift, I agree with you. However, suppose small and medium-sized businesses want to acquire SIEM products to manage vulnerabilities, compliance, log management, correlation, dark web monitoring, etc. In that case, UTMStack can be a cost-effective solution. What do you think?

author avatarSteffen Hornung
Top 5LeaderboardReal User

@Evgeny Belenky It is quite clear to me. Dont know if you noticed @Giusel ​'s Vendor Badge and it is in her profile too.Community Guidelines are good but I found your approach quite harsh.Even their pricing page mentions the community version which not all vendors do so. Most hide that on another domain to net get a cheap idea...Whats included seems rather sensible for the price. No feature-cut, just the log retention and support constraints is very well for the price paid on the community version. Dont know if the monthly updates is an obstacle compared to the dailies on Enterprise.

author avatarEvgeny Belenky
Community Manager

@Steffen Hornung thank you for your feedback! 
One of the community goals is to make sure there is no "vendor-biased" content as our members trust this community. The Vendor label is one of the ways to be explicit about it. Another one is moderation (we've been constantly doing this). 

If it is clear to you and, hopefully, to all other community members, we're achieving this goal. Thanks again for your contribution and this valuable feedback!

author avatar
Top 5LeaderboardReal User

ELK, graylog, OSSIM and Apache Metron (or another Hadoop-like open implementation).  

author avatar
Community Manager

Hi @HimanshuTejwani, @Steffen Klein, @Balamurali Vellalath and @reviewer1467852. Please share your professional opinion with the community.


Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: October 2021.
554,382 professionals have used our research since 2012.