We performed a comparison between Google Chronicle Suite and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The pricing of the product is excellent."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The main benefit is the ease of integration."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The log folder is fairly simple."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"The support team is responsive."
"The tool's most valuable feature is the search option, allowing easy navigation."
"Google Chronicle Suite provides useful APIs."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"It definitely does help with both auditing and as well as regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
"We have a more secure, robust environment, which keeps the harmful software out of the zone required."
"The solution has made us more secure."
"I think the number one area of improvement for Sentinel would be the cost."
"The AI capabilities must be improved."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The product can be improved by reducing the cost to use AI machine learning."
"The playbook is a bit difficult and could be improved."
"We'd like to see more connectors."
"A few areas are difficult to understand for someone who has less experience using the product."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The solution's graphical user interface (GUI) should be more user-friendly."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The product's default dashboard feature has a few limitations regarding availability."
"The configuration is not optimal."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"I feel the solution to be too slow."
"The product must improve insider threat detection."
"The product was difficult to back up the first time."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
". Having a trial version or more training on Splunk would be helpful."
"It's costly."
"I would like to see ability to master management. In terms of clustering, how it manages clustering needs improvement."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Google Chronicle Suite is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Google Chronicle Suite is most compared with AWS Security Hub, Sentinel, IBM Security QRadar, Elastic Security and Rapid7 InsightIDR, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Sentinel. See our Google Chronicle Suite vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.