We performed a comparison between Splunk Enterprise Security and Splunk ITSI (IT Service Intelligence) based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The main benefit is the ease of integration."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The pricing of the product is excellent."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"It has a rapid response search environment in the event of an incident."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"It helped us consolidate all our solutions into an easy tool to use for various employees."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"It is quite extensible. It is a platform that we can build our use instead of each case instead of each case being limited or restricted to each capability. This is probably the best feature."
"The product is adept at log mining."
"You can use it to gather syslog messages from anything."
"I find the episode review, glass tables, and correlation search features very useful."
"We liked the built-in calculation of health scores."
"It's scalable and expands well."
"One of the excellent features is the service analyzer, which is truly impressive."
"We save substantial time on monitoring tasks because we don't have to search for what we need. Everything is packed, so you can drill down to the end values by just doing the kit. We don't spend a lot of time on this. Splunk ITSI is easy to use and not time-consuming."
"The solution has been stable."
"The glass tables are very helpful."
"The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"I would like to see more AI used in processes."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sentinel's reporting is complex and can be more user-friendly."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"I would like Splunk to add more integration. QRadar has many indications with more products than Splunk."
"The administration of the cluster and app deployment to indexers or search heads can be done only using ssh access and command line, there is no GUI tools for that."
"The product must improve insider threat detection."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"The UI can be difficult to understand for non-technical people."
"ITSI could benefit from a security model that would allow operations team members to get involved in model building, KPI implementation, and model maintenance, while maintaining appropriate segregation of duties."
"The problem becomes the price, as Splunk is an expensive product."
"Predictive analytics, in terms of preventing incidents before they occur, still needs time to mature."
"Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."
"The cost of the license could be lower."
"It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding."
"Splunk ITSI generates numerous false positives and has the potential for enhancement."
"We also faced challenges relating to UI development."
More Splunk ITSI (IT Service Intelligence) Pricing and Cost Advice →
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 235 reviews while Splunk ITSI (IT Service Intelligence) is ranked 5th in IT Alerting and Incident Management with 28 reviews. Splunk Enterprise Security is rated 8.4, while Splunk ITSI (IT Service Intelligence) is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Splunk ITSI (IT Service Intelligence) writes "Provides great end-to-end visibility into our network environment and helped us reduce alert noise". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Splunk ITSI (IT Service Intelligence) is most compared with ServiceNow IT Operations Management, Grafana, Dynatrace, Splunk APM and Elastic Observability. See our Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
