We performed a comparison between SolarWinds Security Event Manager and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The analytic rule is the most valuable feature."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The automation feature is valuable."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"SolarWinds is easy to configure, and it provides timely alerts."
"SolarWinds is effective for server, network, and log monitoring. It's also good for IP address management. We also have a patch manager, but we're still working on getting that operational."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidence that we trace."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
"The scalability is good."
"The search function for spam is like a google search. You just enter and it will quickly show you the results."
"It gives me notifications of notable events."
"The solution's most valuable features are its ability to transact in the cloud and its ability to onboard data easily with minimum connectors."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"The technical support has been very good. They are very responsive and have been helpful."
"Splunk is stable, and this is why many customers want it."
"Splunk Enterprise Security offers two valuable features: the Common Information Model and arrangement modules."
"We are invoiced according to the amount of data generated within each log."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The solution could be more user-friendly; some query languages are required to operate it."
"I would like to have a more customizable dashboard."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"I don't think SolarWinds is scalable enough. It is somewhat limited when I need to deploy it across multiple environments in a distributed architecture."
"The company had to use a third party for the implementation of the solution."
"It is a very technical program. They can simplify it so that it isn't so hard to deal with."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"We'd like more customization capabilities."
"The only issue is the pricetag. SolarWinds is a costly solution."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
More SolarWinds Security Event Manager Pricing and Cost Advice →
SolarWinds Security Event Manager is ranked 20th in Security Information and Event Management (SIEM) with 24 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. SolarWinds Security Event Manager is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". SolarWinds Security Event Manager is most compared with ManageEngine Log360, Wazuh, IBM Security QRadar, Microsoft Defender XDR and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our SolarWinds Security Event Manager vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.