Try our new research platform with insights from 80,000+ expert users

Microsoft Purview Audit vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Purview Audit
Ranking in Log Management
45th
Average Rating
8.0
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Microsoft Security Suite (31st)
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Microsoft Purview Audit is 0.3%, down from 0.4% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.4%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Nagendra Nekkala - PeerSpot reviewer
Enables us to create a user in the cloud and give them access to resources through a single workflow
The PAM for Active Directory is good. ActiveOps is quite useful as a feature. The One Identity active role enables us to create a user in the cloud and give them access to resources through a single workflow. We can create rules-based access. It helps us control audit management and IT access management. We can decide what people can access and detect job functions. It enables zero trust security with hybrid AD, find delegation, and role-based access control. It provides all certificates and provides secure authentication, call-based access control, et cetera. It's really important for my critical applications. We can see who's using what, whether they are authorized, and other information to decide what access to offer. With the active role console, I can find out the obvious issues and also perform a decent setup. The One Identity active roles enable us to reduce password reset times. We can handle tasks in a matter of a minute. It simplifies AD and Azure AD management, efficiency, and security overall. The password manager is very secure and is a self-service password manager solution. It is considerably decreasing my help desk tasks. Our engineering users can reset forgotten passwords, and it can implement a stronger password. The management around access to enterprise resources keeps my data and systems secure. We're easily saving at least one hour per day using this solution. The migration from AD to Azure AD is very easy. There are simple configurations, and the migration goes rather smoothly. We use the solution support for SaaS apps through Cloud Delivered SCIM connectors. There are controls that can be configured and we can add and set permissions easily.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We're easily saving at least one hour per day using this solution."
"The platform has significantly enhanced our operational insight into the overall Microsoft 365 environment."
"You can run reports against multiple devices at the same time. You are able to troubleshoot a single application on a thousand servers. You can do this with a single query, since it is very easy to do."
"The benefits my company has seen from the use of Splunk Enterprise Security revolve around the speed of detection it offers."
"They have approximately 50,000 predefined correlation rules, which is quite a lot, and I find that good."
"The site is constantly up, and it's been really easy to adjust the data."
"The solution's most valuable feature is risk-based alerting, focusing on building out user risks for individuals throughout the enterprise."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"The most valuable function is the notable events. When I joined the team, I asked them what they could currently see, and they said nothing. I was pretty shocked. I know for a fact that they're using Enterprise Security or at least they had purchased it. I told them that there are several dashboards within Splunk that we can leverage. There is also notable events where we can see potential incidents or potential alerts about the infrastructure and the network itself."
"Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great."
 

Cons

"We do have a Denial of Access happening."
"Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"I've noticed that onboarding data from various multi-cloud sources and diverse products, such as security network devices, can be challenging."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"The access and identity features could be improved. For example, let's say we have onboarded 65 logs. Now, we can identify the various processes, but we run into trouble when we're updating the processes for AWS CloudTrail, EDR, MDR, and XDR."
"Splunk is more expensive than other solutions."
 

Pricing and Cost Advice

Information not available
"Splunk ES is quite expensive compared to some products on the market."
"In terms of pricing, I believe Splunk is unreasonably costly for the majority of mid and small-sized companies."
"Splunk Enterprise Security is not at all cost-friendly to be deployed in very small enterprises like start-ups."
"Splunk Enterprise Security's pricing is pretty competitive."
"I believe that Splunk Enterprise Security is worth the price, but it is expensive."
"Unlike other security tools, Splunk provides a fixed amount of gigabytes per day, and we are required to pay for any additional usage beyond that limit, in addition to our monthly cost."
"Splunk is not free."
"You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
12%
Government
7%
Manufacturing Company
7%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with Microsoft Purview Audit?
Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features.
What is your primary use case for Microsoft Purview Audit?
We utilize Microsoft Purview Audit for monitoring security and compliance aspects.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Microsoft Purview Audit vs. Splunk Enterprise Security and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.