We performed a comparison between RSA enVision and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The connectivity and analytics are great."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The analytic rule is the most valuable feature."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The automation feature is valuable."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The most valuable features are how stable and easy to use Splunk is."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects."
"We used it to create a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"To get visibility from your network devices, servers, and security devices is a great feature."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The only thing is sometimes you can have a false positive."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The solution could improve the playbooks."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"We usually have to follow up with technical support on our open cases."
"The configuration could be better."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"I would like to see more SIEM functionality and a better ticket tool."
RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. RSA enVision is rated 6.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". RSA enVision is most compared with NetWitness Platform and IBM Security QRadar, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our RSA enVision vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.