We performed a comparison between Exabeam Fusion SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The machine learning and artificial intelligence on offer are great."
"Free ingestion for Azure logs (with E5 licence)"
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The advanced analytics has a really great overview of user behavior."
"The setup is not difficult. It was easy."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"It's a very user-friendly product and it's a very comprehensive technology."
"It has virtual visualization, and other products do not."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"The reporting aspect is good and it does what I need it to do."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"Being able to track impossible travel logins and things of that nature is valuable. We can track user logins from various IPs, various countries, and at various times to see if everything adds up."
"The correlation capabilities are the first value that our clients say they like with Splunk."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The only thing is sometimes you can have a false positive."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"I believe if it were more flexible it would be a better product."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"The organzation is rigid and not flexible in the way they operate"
"The only problem is that the UI is not very impressive."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"The analytics of Splunk could be improved."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"In the next releases, I would like to see more pricing flexibility."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
Exabeam Fusion SIEM is ranked 32nd in Log Management with 10 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Exabeam Fusion SIEM is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Palo Alto Networks Cortex XSOAR, Splunk User Behavior Analytics, Gurucul UEBA and Cortex XSIAM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Exabeam Fusion SIEM vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.