We performed a comparison between ManageEngine Log360 and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The Log analytics are useful."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The initial setup is very simple and straightforward."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The product is very user-friendly."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"The reports that you can run are really nice."
"The most valuable features for us are the application logs monitoring and the dashboard, which provides a single-pane view of all the ongoing activities."
"We haven't had any stability issues."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"ManageEngine Log360 is not difficult to deploy."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"The completeness of the solution is what we like the most."
"The feature that we use the most is the correlation search engine within ES."
"Splunk Enterprise Security helped us with faster detection of threats."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"We have a more secure, robust environment, which keeps the harmful software out of the zone required."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The solution could improve the playbooks."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The product can be improved by reducing the cost to use AI machine learning."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Most times log sheets are not assigned well."
"The support needs improvement."
"It is not expensive compared to other solutions."
"On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostical purposes. However, both being encrypted would be very valuable for some audits."
"It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system."
"Their technical support should be improved."
"It takes a little bit of time for Log360 to actually learn your environment."
"The matter of the data retention needs to be addressed."
"There is a definite learning curve to starting out."
"Splunk Enterprise Security has not helped reduce our alert volume."
"We find that the maintenance process could be a lot better."
"This is not really a monitoring solution."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"Splunk can be an expensive solution. Technical support could be improved as well."
"I would like to see more SIEM functionality and a better ticket tool."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
ManageEngine Log360 is ranked 24th in Security Information and Event Management (SIEM) with 15 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. ManageEngine Log360 is rated 7.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Fortinet FortiSIEM, SolarWinds Security Event Manager and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our ManageEngine Log360 vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.