Avoid Devo, querying across data sets with their system was hot garbage in comparison to both splunk and elastic. Then when you try and break up with them it becomes a whole thing.
Avoid Exabeam. Their UEBA product is riddled with problems, and they are not concerned that it does not display timestamps for when the event occurred- they display timestamps for event ingestion which can sometimes be hours off.
They also seem to outsource much of the development, maintenance and support and appear to have high turnover.
