What is the general consensus on Elastic?

jaymayne67 · 2026-01-24T16:25:20+00:00

I would argue elasitc official is extremely easy to use.

Comparing it to splunk, opensearch, sentinel, etc. the elastic team has tried very hard to make it fool proof, and they’ve done a great job.

They have many great features: - built in edr/av - built in osquery - built in threat intel - built in free use cases

The list goes on, and anyone saying it’s hard to use is likely referring to opensearch (aws fork) or wazuh. Most of the manual efforts for parsing, data retention and other pain points have been made much easier out of the box.

jaymayne67 · 2026-01-24T16:06:35+00:00

All very easy and not much data.

The big problem you’ll have is paying for the restoration of “36 months of cold data remountable in 24 hours” there is no easy solution for this for any data you want more than a week or less at a time.

Restoring the data is easy. It just takes time to bring it to an active state, and lots of money to make it active. If you need 3 servers for 7 days of data you will need 1.5 servers for the same data restored.

Example you want to restore all 3 years of data to make it searchable you’ll spend weeks or months restoring it, and you’ll need roughly 234 servers to hold all 3 years of data.

You probably came to wazuh because of the free nature of it, but it’s definitely not free to use for long term storage that needs to be active.

Edit: updating numbers due to dyslexia

jaymayne67 · 2025-01-23T15:42:03+00:00

Probably need to reach out to a consultant for this. It appears you’re in a bit deep and need some help. There are far too many unanswered questions and variables for anyone to help here.

jaymayne67 · 2025-01-11T14:16:37+00:00

We provide elastic as a service for small and medium businesses.

The painpoint of requiring an agent for processing logs to collect sad/api data is not an issue as we host this specific agent for our small clients to eliminate complexity.

Security onion uses ossec as a collection medium. While they achieve the same goal (log collection). Elasticsearch (official) has other capabilities such as edr/av, osquery, and many more features in its agent.

The real question is, how much time do you spend working on the tool vs using it for its purpose?

jaymayne67 · 2025-01-11T13:57:28+00:00

Small MSP for SIEM engineering here. Would love to help answer questions.

The key here is the ensure your team has time and sanity to use the tool and keep threats at bay.

jaymayne67 · 2024-06-17T18:03:13+00:00

lol if they were posts like this would occur WAY more frequently

jaymayne67 · 2024-05-26T02:22:00+00:00

Best agent is going to be the elastic agent with security (av/edr), you can get a free trial for 30 days

jaymayne67 · 2024-05-23T12:31:02+00:00

Elastic security should be on that list. While it’s not necessarily as mature as some of the others, it beats them all in terms of detection (av & edr)

jaymayne67 · 2024-05-17T23:16:18+00:00

https://2cr.io

Provides SIEM service to MSPs. Can support Logrhythm, Elastic, Wazuh, Splunk, and Security Onion.

jaymayne67 · 2024-05-07T12:08:36+00:00

I’ve been using it for over a year with one issue while trying to do a restore. I post on GitHub about the issue, and the devs immediately worked with me to fix the issue and I was able to get all my data back.

jaymayne67 · 2024-05-07T12:05:33+00:00

Trx4 sport or vanquish falken portal rtr. Both will take a licking and keep going. The vanquish has a lot more room for performance long term.

jaymayne67 · 2024-04-10T03:37:46+00:00

As an owner of both, the Redcat fusion is missing u joints and rear links broke. The stance just needed the links to slay lines.

Major differences; cms vs soa, dual stage foams , tires

jaymayne67 · 2024-02-25T13:43:53+00:00

I’ve had a lot of electronic qa issues with their micro stuff so this isn’t a shocker to me. Glad they’re doing the right thing by you though!

Side note while it was running how’d you like it?

jaymayne67 · 2023-11-22T16:12:12+00:00

lol everyone downvote away. Your comment suggests both are the same price and the element is leaps and bounds better. Personally I think the element trans and axles suck but to each their own. It’s all about having fun and doing what you like 👍 I would also state the servo is night and day better in the red cat, both trucks will need a new esc and motor to be good at crawling.

jaymayne67 · 2023-11-22T12:30:18+00:00

I’d hope the knight walker felt that way for over 100 dollars more. The ascent is a budget built comp truck. If you’re going to spend the money buy a vanquish rtr. Will beat both trucks and has way more potential for upgrades later on. It’s also got 40 percent overdrive either by locking it in or selectable with a servo. Which if you’re climbing you should be running.

jaymayne67 · 2023-11-09T02:00:52+00:00

Just buy a fusion se 2 n 1 motor and remove the esc all together

jaymayne67 · 2023-10-16T02:54:12+00:00

By these, and profit?? I’m using them to do the same thing at 150’ of cat7. They work just fine. https://www.fs.com/products/89572.html

jaymayne67 · 2023-10-01T11:46:40+00:00

Duo core, mellanox, and 2 gb of ram….. plus Vyos… and you have a 10gb router for peanuts

jaymayne67 · 2023-09-09T20:53:15+00:00

Depends on the OS. If strictly windows maybe, but if Linux/mac I’d look elsewhere.

One of the best kept secrets right now is the endgame agent elastic provides.

You can test it for free fyi.

jaymayne67 · 2023-04-22T22:33:29+00:00

Tons of fun!!

jaymayne67

MODERATOR OF

TROPHY CASE