We performed a comparison between ClearSkies SaaS NG SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."We are able to deploy within half an hour and we only require one person to complete the implementation."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The analytic rule is the most valuable feature."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The correlation rules and the user platform are most valuable."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"This is a straightforward solution, easy to configure."
"The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"Good for log collection and log management."
"It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
"The feature that we use the most is the correlation search engine within ES."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"A lot of people are averse to using new tools so if they make it even more user-friendly than it already is, I think that could go a long way."
"I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"The administration of the cluster and app deployment to indexers or search heads can be done only using ssh access and command line, there is no GUI tools for that."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"The solution could improve by giving more email details."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
Earn 20 points
ClearSkies SaaS NG SIEM is ranked 58th in Security Information and Event Management (SIEM) while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. ClearSkies SaaS NG SIEM is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ClearSkies SaaS NG SIEM is most compared with , whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.