We performed a comparison between Snare and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"It's pretty powerful and its performance is pretty good."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The UI-based analytics are excellent."
"Free ingestion for Azure logs (with E5 licence)"
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"The best thing about Snare is its format and consistency."
"Snare has good agents, especially for Windows."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"The tool helps with advanced reports and keeps the system scalable and flexible. It provides a clear picture of the current status of any incidents. As a CISO, I see a lot of potential for future innovation, which is interesting. I've noticed better performance, especially with the reports."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"Integrity with many vendors: This simplifies the implementation and integration with different devices"
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"It has virtual visualization, and other products do not."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The playbook is a bit difficult and could be improved."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We'd like to see more connectors."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Users will initially find it difficult to identify the event types and installation in Snare."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Snare should modernize its GUI a little bit."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"Its interface and usability can always be improved."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"We usually have to follow up with technical support on our open cases."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
Snare is ranked 37th in Security Information and Event Management (SIEM) with 3 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Snare is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Snare is most compared with syslog-ng, SolarWinds Kiwi Syslog Server, LogRhythm SIEM, ArcSight Enterprise Security Manager (ESM) and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Snare vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.