We performed a comparison between Snare and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The product can integrate with any device."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"The best thing about Snare is its format and consistency."
"it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job."
"Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The Splunk queries are valuable."
"I like the search feature and the indexing. It's very fast and comprehensive."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sentinel's reporting is complex and can be more user-friendly."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The AI capabilities must be improved."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The reporting could be more structured."
"Users will initially find it difficult to identify the event types and installation in Snare."
"Snare should modernize its GUI a little bit."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"I would like to see ability to master management. In terms of clustering, how it manages clustering needs improvement."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"We find that the maintenance process could be a lot better."
"Deployment is not difficult but the lock sources and configurations can take time."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"The configuration could be better."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"Splunk could have more built-in use case presets that customers can build on and customize."
Snare is ranked 37th in Security Information and Event Management (SIEM) with 3 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Snare is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Snare is most compared with syslog-ng, SolarWinds Kiwi Syslog Server, LogRhythm SIEM, ArcSight Enterprise Security Manager (ESM) and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Snare vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.