    Gurucul

    Gurucul Security Analytics and Operations platform is a flexible platform for modernizing security operations. Security teams can trust in Gurucul to provide greater visibility, reduce manual tasks, prioritize investigations, detect threats out-of-the-box, and provide targeted risk-driven response actions.

    Ratings and reviews

    3.5 (3 ratings)
    1 AWS review | 2 external reviews
    External reviews are from G2.

    Reviews (3)
    Pasanj Pasanj

    Advanced analytics have strengthened our threat detection and improved incident response

    Reviewed on Jun 30, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Gurucul Security Analytics and Operations Platform is SIEM and user entity behavior analytics.

    I manage Gurucul for a client, and one case is when any user compromises their devices or has any unauthorized access. We detect alerts from this tool and monitor the Gurucul Security Analytics and Operations Platform portal.

    We have a display in our company, and through that, we have a couple of dashboards that alert us to any kind of abnormality detection, which pops up on our TV screens, allowing us to contact our client accordingly.

    We create many dashboards for our client, and through our SOC, it is very easy to monitor; anyone who is sat on the SOC can do a great job.

    What is most valuable?

    The best feature Gurucul Security Analytics and Operations Platform offers is its analytics. When I heard about this feature, it was quite new to us for a SIEM as a feature. Gurucul Security Analytics and Operations Platform gave the first kind of impression from this platform, and I was impressed with this feature; it is doing a great job.

    Overall, this feature has covered most scenarios for now, including any kind of data exfiltration, lateral movement, or insider threat detection, so it covers almost all areas. I can say they are doing a great job regarding most of the security posture issues for any kind of organization.

    Gurucul Security Analytics and Operations Platform has positively impacted our organization and client by allowing us to notice compromised accounts most of the time. Some users, not from a technical background, often make mistakes that lead to their end devices being compromised, and they are usually unaware. We can detect these compromised accounts from our SIEM tool, which is a great opportunity for our company and client to improve their security posture.

    Of course, we have seen measurable results, such as a reduction in incidents and faster response times. If any incident happens, such as a user compromising their account while being unaware, we take that as an example and educate all staff of the client to avoid such activities, such as clicking a malicious URL or visiting a malicious site. Through that, we could improve their security posture and knowledge about security.

    What needs improvement?

    I feel the dashboard of Gurucul Security Analytics and Operations Platform is not always user-friendly. I still feel the dashboard could be understandable even by a non-technical person. It could be complex since it is a SIEM tool, but if we can improve the dashboard so that non-technical people can identify any kind of thing, this would be a very great tool.

    For how long have I used the solution?

    I have been using Gurucul Security Analytics and Operations Platform for more than two years.

    What do I think about the stability of the solution?

    For now, I have not noticed any issues with the accuracy and reliability of output from Gurucul Security Analytics and Operations Platform, although we got a couple of false positive alerts. I think maybe we configured our dashboard incorrectly, but since then we have improved that. Currently, we are good.

    We have not experienced any glitches or missed opportunities regarding attacks or security incidents, which means clients can trust this product 100% based on my experience.

    Which solution did I use previously and why did I switch?

    Since I do not have any experience with other kinds of SIEM tools, I cannot provide any kind of comparison or improvement here. For now, I am satisfied.

    What other advice do I have?

    I am not quite familiar with the governance part of Gurucul Security Analytics and Operations Platform, as I have not used their features related to that, so I cannot comment. I give this review a rating of 9.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Nahoum A.

    Tedious Cloud Integration reduces scalability

    Reviewed on Dec 12, 2024
    Review provided by G2
    What do you like best about the product?
    At a large enterprise, working as a security analyst, Gurucul’s REVEAL platform has proved beneficial to me. The machine-based analytics greatly decrease alert fatigue, which is caused by the number of alerts, by focusing on the high-risk threats.
    What do you dislike about the product?
    Security data to be processed in REVEAL has to be moved to the cloud, which is quite a tedious process. This poses a problem to our utilization of the scaling and versatility of cloud-based security analytics.
    What problems is the product solving and how is that benefiting you?
    Gurucul solves the problem of having to go through countless security alerts by using machine learning to triage actual threats. This means that I have enough time to concentrate and use my experience to analyze only the most significant matters.
    Sujeet Y.

    GURUCUL SIEM Review

    Reviewed on Sep 27, 2024
    Review provided by G2
    What do you like best about the product?
    The dashboard is self-explanatory and covers all the aspects related to security posture. The pre-built parsers used for ingesting logs of various devices are reliable and there is no data loss from the bucket.
    What do you dislike about the product?
    The various threat intel integration feeds are integrated, but the alerts take a significant amount of time to populate on the console. The TI feed ingesting parser needs modulation in itself.
    What problems is the product solving and how is that benefiting you?
    Earlier we had separate tools for SIEM ingesting purposes, threat hunting, and maintaining other security postures. But with the Gurucul inception in our infra, we are able to ingest and visualize all the security-related parameters on a single console. Additionally, the ML feeds provided for UEBA work on a heuristic algorithm which is on par with industry standards.