We performed a comparison between Splunk Enterprise Security and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It has a lot of great features."
"The analytic rule is the most valuable feature."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
"It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query on Splunk. The resolution time is about the same, but it took longer to discover the issue with ArcSight. Our previous solution took about an hour or more, but Splunk can do it within a few minutes or an hour at most."
"Splunk Enterprise Security helped us with faster detection of threats."
"Visualizations are the best way to understand deviation techniques from the norm."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The alerts are very effective."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The most valuable features include predefined use cases and threatening states."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The playbook is a bit difficult and could be improved."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The product can be improved by reducing the cost to use AI machine learning."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"They should make data onboarding easier."
"I think the tech support response time could be a bit better. Sometimes I need to wait more than 24 hours for a response to my tickets."
"The price has room for improvement."
"Free-floating panels in the dashboards are like a glass table."
"Professional support is great, but too expensive."
"This is not really a monitoring solution."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"It should have more cloud connectors. It could also be cheaper."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Integrations could be improved, and the dashboard could be a little better."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. Splunk Enterprise Security is rated 8.4, while Trellix Helix is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Trellix Helix is most compared with LogRhythm SIEM, Trellix ESM, IBM Security QRadar, USM Anywhere and Palo Alto Networks Cortex XSOAR. See our Splunk Enterprise Security vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.