We performed a comparison between RSA enVision and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The analytic rule is the most valuable feature."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The UI-based analytics are excellent."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Free ingestion for Azure logs (with E5 licence)"
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"The product provides visibility and enables us to correlate data and generate alerts."
"The initial setup is pretty straightforward."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
"It helped us consolidate all our solutions into an easy tool to use for various employees."
"The speed of the search engine"
"The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The reporting could be more structured."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"We'd like to see more connectors."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"RSA enVision log manager is out of date and is not in use anymore."
"The integration could be easier, it should support more products."
"In general, the solution currently isn't user-friendly."
"The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is quite challenging."
"Splunk needs local technical support."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"Splunk should have more regional data centers in the Middle East."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"Splunk is more expensive than other solutions."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. RSA enVision is rated 6.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". RSA enVision is most compared with NetWitness Platform and IBM Security QRadar, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our RSA enVision vs. Splunk Enterprise Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.