With Gemini, you can start an investigation on an event using natural language. It saves us a lot of time because you don't have to apply many different filters to find, for example, applicable logging and debug information. Next to this, we can, just as in a regular chat, ask questions we have about certain CVE's or attack surfaces. This saves us a lot of time and, because of this, also less experienced SOC operators can find their way in the system. Another thing we noticed is the speed and uptime of the platform, the GUI always responds fast and we have never experienced an outage yet and because of the speed, we are confident to push all of our logs to the system, giving us a real image of the state of our network. This is also possible by the large number of parsers available, making it possible to connect all of our different equipment and brands to the system. Because of the excellent GUI and single pane of view, our SOC team can quickly analyze the state of our network and possible issues within it. Also
January 19, 2026
1. YARA-L rule language has a steep learning curve for teams migrating from Splunk SPL or traditional SIEM query languages. 2. SOAR and SIEM components feel like two products stitched together with ocasional UI/UX inconsistencies. 3. Limited out-of-the-box integrations. 4. Documentation and onboarding resources could be more comprehensive.
March 15, 2026