We compared Splunk Enterprise Security and Microsoft Sentinel based on our users' reviews using several parameters.
Splunk Enterprise Security is praised for its threat intelligence, analytics, and user-friendly interface. Users mention improvements needed in user-friendliness, search query language, and performance. Pricing is considered high but justified by the value. Microsoft Sentinel is affordable and has a simpler setup process. Users appreciate the advanced threat visibility, integration with other Microsoft products, and machine learning capabilities. Improvement suggestions include a more intuitive interface, better customization options, and enhanced integration with third-party tools. Users find both products valuable with positive impacts on their organization.
Features: Splunk Enterprise Security stands out for its customizable analytics and real-time monitoring, while Microsoft Sentinel excels in advanced threat visibility and machine learning integration. Splunk focuses on scalability and customization, whereas Sentinel emphasizes centralizing alerts and actionable insights.
Pricing and ROI: Splunk Enterprise Security tends to have higher pricing and high setup costs initially, but users find the value and benefits worth the investment. Microsoft Sentinel is noted for its reasonable pricing, minimal setup costs, and flexible licensing options. Splunk Enterprise Security offers improved operational efficiency, threat detection, and incident response, while Microsoft Sentinel provides enhanced security, reduced incident response time, and seamless integration.
Room for Improvement: Splunk Enterprise Security users seek a more user-friendly interface and simplified search query language. They desire enhanced alerting and reporting features to improve performance. Microsoft Sentinel users want a more intuitive platform, better customization options, enhanced integration capabilities, and improved reporting and documentation.
Deployment and customer support: While Splunk Enterprise Security had varying implementation durations, users found Microsoft Sentinel quicker to deploy. However, some noted that Sentinel's setup was more complex compared to Splunk's faster implementation and simpler setup process. Splunk Enterprise Security stands out for its prompt response times and knowledgeable staff, enhancing the overall user experience. Microsoft Sentinel impresses with quick issue resolution and effective, helpful support, leading to positive user experiences.
The summary above is based on 201 interviews we conducted recently with Splunk Enterprise Security and Microsoft Sentinel users. To access the review's full transcripts, download our report.
"The machine learning and artificial intelligence on offer are great."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"It has basic out-of-the-box integrations with multiple log sources."
"The product can integrate with any device."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Log aggregation and data connectors are the most valuable features."
"Easy to deploy and simple to use."
"The product has a good security posture."
"I like the search feature and the indexing. It's very fast and comprehensive."
"The most valuable feature is the custom dashboard feature."
"Out-of-the-box, it seems very powerful."
"It is very scalable."
"Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The on-prem log sources still require a lot of development."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"I would like to see more AI used in processes."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"Sometimes, there is latency in the logs."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy to see more security focused add-ons and apps developed by the vendor."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
"Splunk can improve its third-party device application plugins."
"The solution could improve by giving more email details."
"There is a definite learning curve to starting out."
Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 230 reviews. Microsoft Sentinel is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Elastic Security and Wazuh, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Microsoft Sentinel vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.