We performed a comparison between Google Chronicle Suite and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"In Azure Sentinel, we have found, they do have a store in their capability: AI and intelligence features. We found that to be very helpful for us because for some other things we do need to integrate again or find another vendor for the store."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It has a lot of great features."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"The log folder is fairly simple."
"The tool's most valuable feature is the search option, allowing easy navigation."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"Google Chronicle Suite provides useful APIs."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The support team is responsive."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The most valuable features are how stable and easy to use Splunk is."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"Splunk is stable, and this is why many customers want it."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"The most valuable feature of Splunk is the log monitoring."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The solution could improve the playbooks."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"I think the number one area of improvement for Sentinel would be the cost."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The configuration is not optimal."
"The solution's graphical user interface (GUI) should be more user-friendly."
"A few areas are difficult to understand for someone who has less experience using the product."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The product's default dashboard feature has a few limitations regarding availability."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"I find that the learning curve for Splunk is relatively lengthy."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"Licensing costs can be a barrier for those with limited budgets."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews. Google Chronicle Suite is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Google Chronicle Suite is most compared with AWS Security Hub, Sentinel, IBM Security QRadar, Elastic Security and Rapid7 InsightIDR, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Sentinel. See our Google Chronicle Suite vs. Splunk Enterprise Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.