Netsurion Managed Open XDR

XDR · Co-Managed SOC · MDR · MSSP

Netsurion Managed Open XDR is a co-managed security operations service built around Netsurion's Open XDR platform, managed SIEM, workflow automation and 24/7 SOC. After an alert, Netsurion monitors, hunts, correlates, triages and provides guided remediation or platform-driven automated response, while the buyer or MSP still owns response authority, business remediation, source coverage and optional add-on scope.

Service
Co-Managed SOC
Handles
Co-manage the SOC
Price
Quote-based, with pay-as-you-grow packaging referenced for MSP buyers
  • Co-manage the SOC
  • Fort Lauderdale, Florida
  • 200-500
  • Founded 2009
Visit website

Shortlist fit

SMB and mid-market teams that want managed SIEM and SOC coverage without building their own SIEM program

Provider handles

Service shares SOC workflow with your team or MSP while you keep control.

Check before buying

Choosing which endpoints, cloud services, identity systems, network tools and SaaS sources are in scope

Also fits

  • MSPs that need a multi-tenant managed security service with pay-as-you-grow packaging
  • Buyers that want log collection, compliance reporting and managed detection in one platform
  • Teams that can keep response approvals and business remediation in house while Netsurion handles monitoring and guidance

Can replace

  • Some self-managed SIEM operation, log collection and alert tuning work
  • Some after-hours monitoring, investigation and threat-hunting workload
  • Some compliance log management and reporting work

Coverage

Provider covers

  • Open XDR platform with managed SIEM, log collection, correlation and 400-day standard log management in the public solution brief
  • 24/7 SOC monitoring, threat hunting and guided remediation
  • Workflow automations and service integrations for incident triage and orchestration

Your team still owns

  • Approving response authority, escalation paths and the incident-response plan
  • Completing business remediation, recovery and user communication after confirmed incidents
  • Buying or managing optional endpoint security, vulnerability management, incident support and extended retention

Tradeoffs

Works well

  • Co-managed model fits buyers that want SOC help while keeping visibility into the security operations platform
  • Managed SIEM and log retention make it useful for compliance-driven buyers that need more than endpoint MDR
  • MSP-oriented packaging, multi-tenant management and pay-as-you-grow language are clearer than many enterprise-only SOC providers

Watch out for

  • Public pricing is quote-based, with no current numeric list price for Managed Open XDR
  • Response ownership is not the same as full provider-owned containment or DFIR
  • Feature depth depends on Essentials, Enterprise and optional modules, so package comparison matters

Reviews

Review synthesis

G2 and Gartner reviews mostly describe Netsurion through managed SIEM and EventTracker experience: buyers value support, reports, log visibility and reduced internal monitoring work. The recurring cautions are setup effort, search or dashboard complexity, delayed or unclear communication and the need to verify whether newer Open XDR and Lumifi-owned delivery match older EventTracker reviews.

Customers like

  • Reviews mention managed SIEM support, useful reports and alert tuning that gives internal teams time back
  • MSP and mid-market users call out co-managed SIEM as a practical way to add SOC coverage
  • Reddit discussion often places EventTracker or Netsurion among MSP-oriented managed SIEM options

Watch out for

  • Some reviewers describe setup, search or dashboard work as less simple than expected
  • Older G2 reviews include communication and public-cloud service-model caveats
  • Reddit evidence is mostly shortlisting and category discussion, not detailed current Netsurion customer experience

Pricing

Price
Quote-based, with pay-as-you-grow packaging referenced for MSP buyers
Billing
Tiered, Custom

Questions to ask

  1. Which Open XDR package are we buying, and which data-source integrations are included versus optional?
  2. Which automated response actions can the platform take, and which remediation steps only come as SOC guidance?
  3. Will support, renewal and roadmap ownership sit with Netsurion, Lumifi, an MSP or another channel partner?

Integrations

SIEM
  • Netsurion Open XDR
  • EventTracker
EDR / Endpoint
  • Netsurion managed endpoint security
  • SentinelOne
  • Carbon Black
  • CrowdStrike
  • Windows Defender
Cloud
  • AWS
  • Azure
  • Microsoft 365
  • Google Workspace
Other
  • Active Directory
  • Okta
  • Duo
  • ConnectWise
  • Cisco
  • Fortinet
  • Palo Alto Networks
  • Sophos
  • VMware

Editorial notes

Why co-managed SOC

Netsurion's public material describes Managed Open XDR as a co-managed service with Open XDR, managed SIEM, workflow automation, 24/7 monitoring, threat hunting, tuning, training and customer success. That is broader than alert forwarding but still leaves incident-response authority and business remediation with the buyer or MSP.

Response boundary

Official material supports automated response by Open XDR and guided remediation by the 24/7 SOC. It also says successful incident response centers on the customer and that partners may be enlisted for hands-on DFIR, so the profile should not imply Netsurion owns every containment or recovery step.

Package boundary

The 2024 solution brief separates Essentials and Enterprise features. Threat hunting, full compliance reports, full data-source integrations, data-source tuning, implementation project management, incident and audit support and extended retention can vary by package or option.

Pricing boundary

Netsurion references pay-as-you-grow pricing for service-provider buyers but does not publish current Managed Open XDR list pricing. Old EventTracker Log Manager prices are legacy product signals and are not used as current public pricing.

Ownership change

Lumifi acquired Netsurion on May 21, 2024 and said the acquisition added more than 400 Netsurion clients. Buyers should ask how Lumifi's SOC, SHIELDVision platform, support model and roadmap affect Netsurion Open XDR customers.

Questions

Is Netsurion Managed Open XDR an MDR service or a co-managed SOC?
It has MDR and XDR elements, but this profile classifies it as co-managed SOC because Netsurion brings Open XDR, managed SIEM, workflow automation, 24/7 SOC monitoring, tuning and customer collaboration while the buyer or MSP keeps response authority and business remediation.
Does Netsurion contain threats for the buyer?
Public material supports automated response by the Open XDR platform and guided remediation by the 24/7 SOC. Buyers should confirm which actions are automatic, which require approval and whether hands-on DFIR is included or partner-led.
Is Netsurion pricing public?
Netsurion references pay-as-you-grow pricing for service-provider buyers, but current Managed Open XDR list pricing is not public. Ask for package tier, monitored sources, optional modules, retention and channel terms.