We performed a comparison between Splunk Enterprise Security and VMware Aria Operations for Applications based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"It has a big user base, so the community is useful."
"It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
"Splunk's visualizations make it easy for users to understand the data."
"We are much faster finding and addressing issues with Splunk."
"The integration is seamless with many devices and operating systems."
"The solution's most valuable features are its ability to transact in the cloud and its ability to onboard data easily with minimum connectors."
"It definitely does help with both auditing and regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"People are very pleased with the implementation."
"The most valuable aspects of the solution are its ease of use and its ease of implementation."
"This solution allows me to have true visibility for any metrics when it comes to my cloud, and private."
"The solution is great for virtualization and preparing the infrastructure in Tanzu to test products. It's very fast and has good visibility."
"The features I find most valuable are the querying and alerting capabilities."
"No issues with stability."
"VMware comes with a support team, and if you have trouble, you can easily create a ticket, and VMware will help you. Therefore, the best aspect is the support."
"For us, the ease of deployment in combination with TMZ was the most important part because we don't have to manually deploy a complex monitoring solution. We can more or less do that with the click of a button, and we are not dependent on the developers to provide us with all the necessary features and functions to make that work. We can just deploy it on a workload cluster and monitor at least a good part of the workload. If we want to go into detail, we clearly need to make changes, but for a good part of application monitoring, it gives us good insights."
"The troubleshooting has room for improvement."
"The reporting could be more structured."
"We'd like to see more connectors."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The solution could be more user-friendly; some query languages are required to operate it."
"Sentinel's reporting is complex and can be more user-friendly."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
"It needs integration with a configuration management solution."
"There is improvement needed when importing from some types of data sources."
"Sometimes, there is latency in the logs."
"Splunk Enterprise Security can provide more details and help CISOs resolve vulnerability situations better. The reason is that the tools we choose for data analysis and log collection cannot collect all the data and logs. Splunk Enterprise Security should help me with this, but it cannot."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."
"Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
"They could make it easier to plug in data so that a nontechnical person will be able to use it, like accountants or finance people. That way they don't have to ask us."
"The implementation is a long process that should be improved."
"The documentation and integration with Kubernetes could be improved."
"It could use a URL document server. Everything in the market is moving towards automation and everybody's looking for the single click operations as well as relational data locality."
"Its billing model is consumption-based. I understand the consumption-based model, but it is not necessarily easy to estimate and guess how many points or how much we are going to consume on a specific application up until we get to that point. So, for us, it would be helpful to have more insights or predictability into what we can expect from a cost perspective if we are starting to use specific features. This can potentially also drive our consumption a bit more."
"I would like to see integration with Kubernetes cluster and APIs so that you can manage the entire stack."
"The main problem I have is that the license cost is very high."
"In the new version, I would love to see more prediction capabilities. It would be great if one could see the alerts get a little more enriched with information and become more human-friendly instead of the technical stuff that they put in there. I think those would be really awesome outcomes to get."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 235 reviews while VMware Aria Operations for Applications is ranked 28th in Cloud Monitoring Software with 9 reviews. Splunk Enterprise Security is rated 8.4, while VMware Aria Operations for Applications is rated 7.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of VMware Aria Operations for Applications writes "Easy to deploy, worth the money, and helpful for uptime monitoring and performance insights". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas VMware Aria Operations for Applications is most compared with Dynatrace, Grafana, Zabbix, Datadog and Elastic Observability. See our Splunk Enterprise Security vs. VMware Aria Operations for Applications report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.