Anomali vs Elastic Security comparison

Anomali and Elastic are both solutions in the Security Information and Event Management (SIEM) category. Anomali is ranked #32 with an average rating of 8.5, while Elastic is ranked #5 with an average rating of 8.5. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 86% of Elastic users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 18, 2026

Anomali and Elastic Security operate in the cybersecurity sphere. Anomali is strong in data threat detection, while Elastic Security excels with analytics and search functionalities, offering a more comprehensive feature set.

Features: Anomali supports robust threat detection through detailed threat analysis and tailored intelligence. Elastic Security is notable for its powerful search capabilities, real-time monitoring, and strong integration features.

Room for Improvement: Anomali could enhance its analytics capabilities, expand search functionalities, and improve feature integration. Elastic Security may improve initial deployment simplicity, diversify threat detection, and offer tailored threat intelligence solutions.

Ease of Deployment and Customer Service: Anomali provides a straightforward deployment with comprehensive support, ensuring quick setup. Elastic Security may present a more complex deployment process due to its extensive feature set but offers robust support options to aid implementation.

Pricing and ROI: Anomali offers competitive pricing with potential for immediate ROI through its focus on threat detection. Elastic Security's pricing may be higher, reflecting its extensive features, potentially providing long-term returns for organizations utilizing its broad capabilities.

To learn more, read our detailed Anomali vs. Elastic Security Report (Updated: March 2026).

Buyer's Guide

Anomali vs. Elastic Security

March 2026

Download the complete report

Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

ChrisCollins

Enterprise Security Architect V at FirstEnergy

Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities

You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.

Read full review

Laurentiu Popescu

Chief Product Officer at ClusterPower

Has improved threat detection with deep log analysis and streamlined investigation workflows

The most useful features I find in Elastic Security are the forensic ones that allow us to carry deeper analysis into the logs for in-depth investigations, and the dashboards, with the reporting dashboard being quite user-friendly. Elastic Security is quite good at identifying threats, as it is part of the deep investigation tool that I mentioned before. Unless we need to look further into a certain log, we can carry out a deeper analysis and forensics on those particular logs. I can assess the impact of Elastic Security's real-time data analysis on our threat response efficiency as working pretty good. We are looking for real-time analysis because we have a continuous inflow of logs from different sources: from our cloud, from Active Directory, from our network. So it works pretty well.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The normal protection was really effective, and we detected situations that if we didn't have Cortex XDR by Palo Alto Networks, it's highly likely that we would have been affected, but it protected the infrastructure."

"The protection offered by this product is good, as is the endpoint reporting."

"The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices."

"It is an easy-to-use tool."

"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."

"Cortex XDR by Palo Alto Networks should be a stable solution."

"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."

"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."

More Cortex XDR by Palo Alto Networks pros

"The feature I have found most valuable is credential monitoring. This feature is easy and quick."

"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."

"The most valuable aspect of Anomali is the threat modeling capability."

"Enables monitoring of application performance and the ability to predict behaviors."

"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."

"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."

"The product has huge integration varieties available."

"We've found the initial setup to be quite straightforward."

"Elastic Security is cost-effective compared to Defender and CrowdStrike."

"It is the best open-source product for people working in SO, managing and analyzing logs."

"It's simple and easy to use."

More Elastic Security pros

Cons

"I would like to see them include NDR (Network Detection Response)."

"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."

"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."

"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."

"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."

"The solution should offer more dashboards and they should be better customized."

"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."

"The solution lacks real-time, on-demand antivirus."

More Cortex XDR by Palo Alto Networks cons

"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."

"Less code in integration would be nice when building blocks."

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."

"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."

"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."

"There is room for improvement in the Kibana dashboard and in the asset management for the program."

"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."

"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."

"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."

"Installation is a little bit overwhelming, so improvements on the installation site could make it easier."

"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."

"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."

More Elastic Security cons

Pricing and Cost Advice

"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."

"Its pricing is kind of in line with its competitors and everybody else out there."

"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."

"The price is on the higher side, but it's okay."

"I don't have any issues with the pricing. We are satisfied with the price."

"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."

"I am using the Community edition."

"Compared to CrowdStrike, Cortex XDR is an expensive solution."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."

"Compared to other tools, Elastic Security is a cheaper solution."

"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."

"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."

"The product offers an amazing pricing structure. Price-wise, the product is very competitive."

"Affordable but with additional costs"

"We use the open-source version, so there is no charge for this solution."

"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."

"The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."

More Elastic Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

884,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

Manufacturing Company

Financial Services Firm

Comms Service Provider

Financial Services Firm

16%

Computer Software Company

Manufacturing Company

Educational Organization

Computer Software Company

10%

Government

Comms Service Provider

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	1
Large Enterprise	5

By reviewers
Company Size	Count
Small Business	40
Midsize Enterprise	11
Large Enterprise	15

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

See all answers

What needs improvement with Anomali ThreatStream?

An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsist...

See all answers

What is your primary use case for Anomali ThreatStream?

I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence...

See all answers

What advice do you have for others considering Anomali ThreatStream?

For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading t...

See all answers

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?

With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several time...

See all answers

What do you like most about Elastic Security?

Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it con...

See all answers

What is your experience regarding pricing and costs for Elastic Security?

I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.

See all answers

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 9% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

Recorded Future vs Anomali

Compared 6% of the time

ThreatConnect Threat Intelligence Platform (TIP) vs Anomali

Compared 6% of the time

Splunk Enterprise Security vs Anomali

Compared 4% of the time

IBM Security QRadar vs Anomali

Compared 3% of the time

TrendAI Vision One – Network Security vs Anomali

Compared 3% of the time

More Anomali Competitors

Wazuh vs Elastic Security

Compared 8% of the time

Splunk Enterprise Security vs Elastic Security

Compared 5% of the time

IBM Security QRadar vs Elastic Security

Compared 5% of the time

CrowdStrike Falcon vs Elastic Security

Compared 4% of the time

Microsoft Defender for Endpoint vs Elastic Security

Compared 3% of the time

More Elastic Security Competitors

Product Reports

Buyer's Guide

Cortex XDR by Palo Alto Networks

March 2026

Download Cortex XDR by Palo Alto Networks product report

Buyer's Guide

Threat Intelligence Platforms (TIP)

March 2026

Download Anomali product report

Buyer's Guide

Elastic Security

March 2026

Download Elastic Security product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics

Elastic SIEM, ELK Logstash

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Anomali delivers advanced threat intelligence solutions designed to enhance security operations by providing comprehensive visibility into threats and enabling real-time threat detection and management.

Anomali stands out in threat intelligence, offering an innovative platform that integrates data to identify and analyze threats effectively. It enables teams to streamline threat detection processes and respond to incidents with increased agility. With a focus on accuracy and efficiency, Anomali supports cybersecurity professionals in making informed decisions to safeguard their networks consistently.

What are Anomali's core features?

ThreatStream: A platform that aggregates threat intelligence feeds to enhance threat assessment.
Match: An automated detection feature that matches internal log data against threat intelligence insights.
Link: Provides graphical visualization for threat analysis, helping to understand threat vectors better.
STAXX: A lightweight tool for collecting and analyzing open-source threat intelligence.

What are the key benefits and ROI of using Anomali?

Improved Threat Detection: Streamlined processes lead to faster identification and response to threats.
Resource Efficiency: Automation reduces manual tasks, allowing security teams to focus on strategic activities.
Better Decision Making: Provides actionable insights that enable more informed security strategies.

In industries like finance and healthcare, Anomali is implemented to address specific challenges like compliance and data protection. By using this platform, organizations gain the ability to adapt to evolving threats, ensuring robust and adaptable security postures tailored to industry demands.

Anomali

Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.

Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

Additional offerings and benefits:

The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

Elastic

Sample Customers

CBI Health Group, University Honda, VakifBank

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care

Buyer's Guide

Anomali vs. Elastic Security

March 2026

Free Report: Anomali vs. Elastic Security

Find out what your peers are saying about Anomali vs. Elastic Security and other solutions. Updated: March 2026.

DOWNLOAD NOW

884,873 professionals have used our research since 2012.

See our Anomali vs. Elastic Security report.

See our list of best Security Information and Event Management (SIEM) vendors and best Extended Detection and Response (XDR) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.