We performed a comparison between Snare and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Log aggregation and data connectors are the most valuable features."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The connectivity and analytics are great."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The best thing about Snare is its format and consistency."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"The solution has proven to be quite stable."
"Its compatibility with other SIEMS is very useful."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"We can easily configure things as required in relation to our use cases."
"Splunk setup is easy and straightforward. "
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
"Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The solution could be more user-friendly; some query languages are required to operate it."
"The solution should allow for a streamlined CI/CD procedure."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Users will initially find it difficult to identify the event types and installation in Snare."
"Snare should modernize its GUI a little bit."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"This solution could be improved by better pricing in general and by easier installation."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."
"Its interface could be improved."
"Deployment is not difficult but the lock sources and configurations can take time."
"I'd like to see more integration with more antivirus systems."
Snare is ranked 41st in Log Management with 3 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. Snare is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Snare is most compared with syslog-ng, SolarWinds Kiwi Syslog Server, LogRhythm SIEM, ArcSight Enterprise Security Manager (ESM) and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Snare vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.