We performed a comparison between Snare and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"Snare has good agents, especially for Windows."
"The best thing about Snare is its format and consistency."
"The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns."
"The initial setup is pretty straightforward."
"Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
"The most valuable feature of Splunk is the management and built-in workflows."
"The initial setup is really straightforward. It's one of the easiest installations."
"The Splunk user community and forum are most valuable."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"Aggregation searches have reduced time and difficulty of identifying trends and conditions which need to reviewed."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"I would like to see more AI used in processes."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The troubleshooting has room for improvement."
"Users will initially find it difficult to identify the event types and installation in Snare."
"Snare should modernize its GUI a little bit."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy to see more security focused add-ons and apps developed by the vendor."
"Splunk can improve its third-party device application plugins."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system."
"There is a definite learning curve to starting out."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
Snare is ranked 41st in Log Management with 3 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 230 reviews. Snare is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Snare is most compared with syslog-ng, SolarWinds Kiwi Syslog Server, LogRhythm SIEM, ArcSight Enterprise Security Manager (ESM) and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Snare vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.