We performed a comparison between Splunk Enterprise Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It's pretty powerful and its performance is pretty good."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"It has basic out-of-the-box integrations with multiple log sources."
"It has a lot of great features."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"The product provides visibility and enables us to correlate data and generate alerts."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"It has performed well and delivered the results that I have been looking for."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The most valuable feature is the correlation rules."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"Compared to other solutions, the user interface is good."
"The product’s most valuable feature is log monitoring."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"There is room for improvement in entity behavior and the integration site."
"This solution could be improved by better pricing in general and by easier installation."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"Cybersecurity and infrastructure monitoring have room for improvement."
"Splunk has a steeper learning curve, making it feel less user-friendly."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."
"Could be more user friendly."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"There should be support for multitenancy in the product."
"I would like to see fingerprint recognition included in the next release of this solution."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"We cannot add new data sources to the most recent version."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"The initial setup is difficult and could improve."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Splunk Enterprise Security is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our Splunk Enterprise Security vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.