We performed a comparison between Security Onion and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Security Onion for security monitoring is its ability to find infected ports."
"We use Security Onion for internal vulnerability assessment."
"Security Onion is the most mature solution in the market."
"The log aggregation is great."
"What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis."
"We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"It allows for transparency into IT metrics for insightful business analytics."
"The solution's most valuable features are the granularity and analysis of the logs."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The initial setup of the solution is a little bit difficult."
"The product is not easy to learn."
"Security Onion's user interface could be improved."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"It would be great if I could have a certain dialogue box in Splunk that uses innovative AI tools like ChatGPT, which are available now in the tech department."
"The access and identity features could be improved. For example, let's say we have onboarded 65 logs. Now, we can identify the various processes, but we run into trouble when we're updating the processes for AWS CloudTrail, EDR, MDR, and XDR."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"We usually have to follow up with technical support on our open cases."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"They should make data onboarding easier."
Security Onion is ranked 30th in Log Management with 3 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 251 reviews. Security Onion is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Security Onion writes "A mature and affordable solution that is easy to install and easy to update". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Security Onion is most compared with Wazuh, Elastic Stack, TheHive, Graylog and Kali Linux, whereas Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel. See our Security Onion vs. Splunk Enterprise Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.