Shortlist fit
SMB and mid-market teams that want managed SIEM and SOC coverage without building their own SIEM program
Provider handles
Service shares SOC workflow with your team or MSP while you keep control.Check before buying
Choosing which endpoints, cloud services, identity systems, network tools and SaaS sources are in scopeAlso fits
- MSPs that need a multi-tenant managed security service with pay-as-you-grow packaging
- Buyers that want log collection, compliance reporting and managed detection in one platform
- Teams that can keep response approvals and business remediation in house while Netsurion handles monitoring and guidance
Can replace
- Some self-managed SIEM operation, log collection and alert tuning work
- Some after-hours monitoring, investigation and threat-hunting workload
- Some compliance log management and reporting work
Coverage
Provider covers
- Open XDR platform with managed SIEM, log collection, correlation and 400-day standard log management in the public solution brief
- 24/7 SOC monitoring, threat hunting and guided remediation
- Workflow automations and service integrations for incident triage and orchestration
Your team still owns
- Approving response authority, escalation paths and the incident-response plan
- Completing business remediation, recovery and user communication after confirmed incidents
- Buying or managing optional endpoint security, vulnerability management, incident support and extended retention
Tradeoffs
Works well
- Co-managed model fits buyers that want SOC help while keeping visibility into the security operations platform
- Managed SIEM and log retention make it useful for compliance-driven buyers that need more than endpoint MDR
- MSP-oriented packaging, multi-tenant management and pay-as-you-grow language are clearer than many enterprise-only SOC providers
Watch out for
- Public pricing is quote-based, with no current numeric list price for Managed Open XDR
- Response ownership is not the same as full provider-owned containment or DFIR
- Feature depth depends on Essentials, Enterprise and optional modules, so package comparison matters
Reviews
Review synthesis
G2 and Gartner reviews mostly describe Netsurion through managed SIEM and EventTracker experience: buyers value support, reports, log visibility and reduced internal monitoring work. The recurring cautions are setup effort, search or dashboard complexity, delayed or unclear communication and the need to verify whether newer Open XDR and Lumifi-owned delivery match older EventTracker reviews.Customers like
- Reviews mention managed SIEM support, useful reports and alert tuning that gives internal teams time back
- MSP and mid-market users call out co-managed SIEM as a practical way to add SOC coverage
- Reddit discussion often places EventTracker or Netsurion among MSP-oriented managed SIEM options
Watch out for
- Some reviewers describe setup, search or dashboard work as less simple than expected
- Older G2 reviews include communication and public-cloud service-model caveats
- Reddit evidence is mostly shortlisting and category discussion, not detailed current Netsurion customer experience
Pricing
- Price
- Quote-based, with pay-as-you-grow packaging referenced for MSP buyers
- Billing
- Tiered, Custom
Questions to ask
- Which Open XDR package are we buying, and which data-source integrations are included versus optional?
- Which automated response actions can the platform take, and which remediation steps only come as SOC guidance?
- Will support, renewal and roadmap ownership sit with Netsurion, Lumifi, an MSP or another channel partner?
Integrations
- SIEM
- Netsurion Open XDR
- EventTracker
- EDR / Endpoint
- Netsurion managed endpoint security
- SentinelOne
- Carbon Black
- CrowdStrike
- Windows Defender
- Cloud
- Microsoft 365
- Google Workspace
- Other
- Active Directory
- Okta
- Duo
- ConnectWise
- Cisco
- Fortinet
- Palo Alto Networks
- Sophos
- VMware
Editorial notes
Why co-managed SOC
Netsurion's public material describes Managed Open XDR as a co-managed service with Open XDR, managed SIEM, workflow automation, 24/7 monitoring, threat hunting, tuning, training and customer success. That is broader than alert forwarding but still leaves incident-response authority and business remediation with the buyer or MSP.
Response boundary
Official material supports automated response by Open XDR and guided remediation by the 24/7 SOC. It also says successful incident response centers on the customer and that partners may be enlisted for hands-on DFIR, so the profile should not imply Netsurion owns every containment or recovery step.
Package boundary
The 2024 solution brief separates Essentials and Enterprise features. Threat hunting, full compliance reports, full data-source integrations, data-source tuning, implementation project management, incident and audit support and extended retention can vary by package or option.
Pricing boundary
Netsurion references pay-as-you-grow pricing for service-provider buyers but does not publish current Managed Open XDR list pricing. Old EventTracker Log Manager prices are legacy product signals and are not used as current public pricing.
Ownership change
Lumifi acquired Netsurion on May 21, 2024 and said the acquisition added more than 400 Netsurion clients. Buyers should ask how Lumifi's SOC, SHIELDVision platform, support model and roadmap affect Netsurion Open XDR customers.