We performed a comparison between Google Chronicle Suite and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The automation feature is valuable."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"Google Chronicle Suite provides useful APIs."
"The support team is responsive."
"The log folder is fairly simple."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The tool's most valuable feature is the search option, allowing easy navigation."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform."
"Visualizations are the best way to understand deviation techniques from the norm."
"It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want."
"I really like the user interface and how it works."
"Splunk has machine learning which is a valuable feature."
"I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"I would like to see more AI used in processes."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The solution could improve the playbooks."
"The configuration is not optimal."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The product's default dashboard feature has a few limitations regarding availability."
"A few areas are difficult to understand for someone who has less experience using the product."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The solution's graphical user interface (GUI) should be more user-friendly."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"Having a trial version or more training on Splunk would be helpful."
"The complexity could be worked on so that it's even easier and faster."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"The implementation and the scanning of the logs can be difficult."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"The product was difficult to back up the first time."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Google Chronicle Suite is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Google Chronicle Suite is most compared with AWS Security Hub, Sentinel, IBM Security QRadar, Elastic Security and Rapid7 InsightIDR, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Sentinel. See our Google Chronicle Suite vs. Splunk Enterprise Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.