We performed a comparison between Anomali ThreatStream and Splunk Enterprise Security based on real PeerSpot user reviews.
"The feature I have found most valuable is credential monitoring. This feature is easy and quick."
"It has a big user base, so the community is useful."
"The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems."
"Visualizations helped the organisation with a better understanding of its KPIs."
"The technical support has been very good. They are very responsive and have been helpful."
"We can do things in minutes instead of days."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"Less code in integration would be nice when building blocks."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."
"Integrating tools and creating use cases could be easier. It's hard for a junior security engineer with only a couple of years of experience to write use cases. They can do it, but it's much easier in a solution like IBM QRadar. Setting conditions is like a multiple-choice type of thing. It's a more user-friendly process."
"I would like to see future development in terms of ML (Machine Learning)."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"Make it easier to include roles and user controls, as it is horrible now."
"Writing queries is a bit complicated sometimes."
"Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."
Anomali ThreatStream is ranked 6th in Threat Intelligence Platforms with 1 review while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 251 reviews. Anomali ThreatStream is rated 7.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Anomali ThreatStream writes "Easy and quick credential monitoring; tech support could be improved". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Anomali ThreatStream is most compared with Recorded Future, ThreatConnect Threat Intelligence Platform (TIP), ThreatQ, Group-IB Threat Intelligence and Palo Alto Networks AutoFocus, whereas Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel.
We monitor all Threat Intelligence Platforms reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.