We performed a comparison between Splunk Enterprise Security and Tableau based on real PeerSpot user reviews.
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Log aggregation and data connectors are the most valuable features."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"We have a more secure, robust environment, which keeps the harmful software out of the zone required."
"It has the ability to correlate data, analyze and review it."
"It's the completeness of the solution that we like the most."
"If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best."
"The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"This solution helps us increase our productivity."
"Tableau is an advanced specialized tool. One of the best features I've seen is the lack of an intermediate semantic layer. I think that's an advantage compared to any other tool like BusinessObjects or Power BI, which are Tableau's biggest competitors."
"The most valuable feature is the interface, which is user-friendly and intuitive."
"I have found many of the self-service features valuable."
"Very user friendly."
"There are a lot of APIs available, which means that Tableau can be customized to a large extent."
"Tableau is easy to use compared to some other solutions, such as Excel."
"The most valuable part of the solution is the general dashboard features."
"It's very easy to visualize data with this product. The visualization maps of and frames that we have been able to cross-reference has been excellent."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click 'next,' 'next,' 'next,' and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The playbook is a bit difficult and could be improved."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"Their technical support sucks."
"Make it easier to include roles and user controls, as it is horrible now."
"It is a hugely complicated product."
"Splunk could have more built-in use case presets that customers can build on and customize."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
"We need big servers to perform the operations that we are doing. They should probably relook at its architecture."
"It needs a little bit more advanced modeling. I would like to see functionality like Cognos has in the Framework Manager."
"At the organizational level, increasing the servers' capabilities to support us as an enterprise tool."
"It's already using 32 gigabytes of memory, but the performance is not so good. It's very heavy."
"I have used Power BI as well as Tableau. There are a couple of interesting features that I like in Power BI, but they are not present in Tableau. For example, in Power BI, if I am looking at country-wise population, I can type and ask for the country that has the maximum population, and it will automatically give an answer and address that query. This kind of feature is not there in Tableau. Similarly, in Power BI, for integrating with the latest ML algorithms, we have decision trees and primarily multiple machine learning algorithms. The decision tree essentially visualizes the patterns in the data. We don't have such a feature in Tableau. If Tableau can integrate with the machine learning algorithms and help us to do visualizations, it would be a wonderful combination. Most of the people are going for Tableau primarily for visualization purposes. However, in the data science industry, users want to do model building as well as tell a story. As of now, Tableau is fulfilling the requirements for visualization purposes. If they can bring it up to a level where I can use it for machine learning purposes as well as for visualization, it would be very helpful. Many people who want to do data science don't want to write code. Tableau is anyway a drag and drop tool, and if they can provide those options as well, it will be a powerful combination."
"Provide additional enhancements in any business process: Operations, Marketing and Sales, Finance, Human Resources, Logistics, etc."
"When I've done presentations in the past, I've had issues with uploading the cartography."
"To be the best in the market, Tableau has to improve its user interface and also look into developing and implementing the best machine learning algorithms."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Tableau is ranked 2nd in BI (Business Intelligence) Tools with 290 reviews. Splunk Enterprise Security is rated 8.4, while Tableau is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Tableau writes "Provides fast data access with in-memory extracts, makes it easy to create visualizations, and saves time". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Tableau is most compared with Microsoft Power BI, Amazon QuickSight, Domo, SAS Visual Analytics and Databricks.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.