We performed a comparison between Splunk Enterprise Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product can integrate with any device."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The UI of Sentinel is very good and easy to use, even for beginners."
"It has a lot of great features."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"It has the ability to correlate data, analyze and review it."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
"The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"Compared to other solutions, the user interface is good."
"The product’s most valuable feature is log monitoring."
"It has performed well and delivered the results that I have been looking for."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"It is easy to use."
"I think the number one area of improvement for Sentinel would be the cost."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The troubleshooting has room for improvement."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The AI capabilities must be improved."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"Deployment is not difficult but the lock sources and configurations can take time."
"The product's price may be an area of concern where improvements are required."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"The upgrading process could be smoother."
"If it could be made available as a service, this would be much better than as a product."
"Could be more user friendly."
"There's no software support from McAfee."
"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"There should be support for multitenancy in the product."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Splunk Enterprise Security is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our Splunk Enterprise Security vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.