We performed a comparison between FileAudit and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The initial setup is very simple and straightforward."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Alerting upon file changes is the most valuable aspect of the product."
"It is a good and stable solution...It is a scalable solution."
"Our customer acquires the complete report which is kept for future auditing purposes."
"The solution is stable and reliable."
"I really like the user interface and how it works."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"It gives us the liberty to do more in terms of use cases."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"It's better than IBM, in my opinion, because it's an independent entity."
"The AI capabilities must be improved."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The playbook is a bit difficult and could be improved."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Whenever someone cuts and paste, it shows as "file is deleted"."
"The updates management and central management console could be improved."
"The DLP function, including installation of the agent on the workstation and controlling the DLP restrictions, are areas where the product lacks."
"Writing queries is a bit complicated sometimes."
"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"I'd like to see more integration with more antivirus systems."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
"The pricing can be better."
FileAudit is ranked 38th in Security Information and Event Management (SIEM) with 3 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. FileAudit is rated 9.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of FileAudit writes "A scalable SIEM solution for monitoring a user's activity in the file server". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". FileAudit is most compared with ManageEngine File Audit Plus, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our FileAudit vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.