We performed a comparison between Sentinel and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"If you know how to do KQL (Kusto Query Language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"It's pretty powerful and its performance is pretty good."
"The most valuable feature of this solution is that it provides a central logging system for many event sources."
"The tool is simple to use."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"It makes everything easier by automating some tasks and growing with our needs."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The native integration with out-of-the-box formats is hassle-free and allows data to be used advantageously."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"We can quickly search for almost anything across many log sources in seconds."
"The initial setup is really straightforward. It's one of the easiest installations."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"It is very stable. We have not had any problems."
"Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects."
"In the past we used different applications to collect logs. We used SurfWatch and VMware to do so. But we found that Splunk has more capacity to do more in less time. They provide a faster speed to index all the events, and this is a huge asset."
"We can easily configure things as required in relation to our use cases."
"The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature."
"The product can be improved by reducing the cost to use AI machine learning."
"The performance could be improved. If I create 15 to 20 lines for a single use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in 0.01 seconds. A complex query takes more time to get results."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The on-prem log sources still require a lot of development."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"We'd also like a better ticketing system, as the current one is older."
"We'd like to see more connectors."
"I rate Sentinel a six out of ten for scalability."
"There is no integration in the web-side of the tool."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"I would like to see a better reporting work structure on the dashboard."
"It is an ancient product."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"Splunk can be an expensive solution. Technical support could be improved as well."
"It needs more formatting control without having to be an admin."
"In the next releases, I would like to see more pricing flexibility."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"Make it easier to use and the cost cheaper. This will help all organisations to implement Splunk."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 15 reviews, while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Sentinel is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Sentinel is most compared with IBM Security QRadar, Google Chronicle Suite, Wazuh, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM), whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and New Relic.