We performed a comparison between ClearSkies SaaS NG SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"It's pretty powerful and its performance is pretty good."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The product can integrate with any device."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"It has a lot of great features."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The correlation rules and the user platform are most valuable."
"Good for log collection and log management."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"I haven't had the chance to properly sink my teeth into Enterprise Security but so far I like that they added the MITRE ATT&CK features."
"You can use it to gather syslog messages from anything."
"It's better than IBM, in my opinion, because it's an independent entity."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"It is very easy to use and integrate. There are connectors for every technology."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The only thing is sometimes you can have a false positive."
"Everyone has their favorites. There is always room for improvement, and everybody will say, 'I wish you could do this for me or that for me.' It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The AI capabilities must be improved."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"There is room for improvement in entity behavior and the integration site."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"I find that the learning curve for Splunk is relatively lengthy."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
ClearSkies SaaS NG SIEM is ranked 58th in Security Information and Event Management (SIEM) while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews. ClearSkies SaaS NG SIEM is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". ClearSkies SaaS NG SIEM is most compared with , whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.