We performed a comparison between Splunk Enterprise Security and Tableau based on real PeerSpot user reviews.
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"We have no complaints about the features or functionality."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
"Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"It has a big user base, so the community is useful."
"Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"The ease of presenting findings is very helpful."
"It’s good for quick visualization and being able to quickly consume unstructured data to play around with."
"The ability of filtering and segmentation of the data makes it very flexible compared to other tools."
"It is definitely easy to use. It is intuitive, and more or less, everything can be done from the front end. As such, there is no concept of metadata. You can just take data from a database and start building your own stuff, such as OLAP data warehouse. You don't need extensive metadata modeling like Oracle BI."
"The solution helps users create dashboards and analyze data without relying on IT or product teams."
"The best use case for us is the solution's integration with Salesforce because we are also partners of Salesforce."
"All features are valuable. It is very user-friendly, and it is mostly drag-and-drop. If we have the dataset available, then we can develop any dashboard very quickly."
"Show Me is a feature to help with knowing which chart is an appropriate one for the selected variables, and it helps in creating appropriate visuals."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"I'd like to see more integration with more antivirus systems."
"When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"It could be more user friendly, in terms of the end-user experience."
"One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"When it comes to visualizations, Tableau has a limitation as compared to Power BI. It has a limited set of visualizations. Power BI has the entire marketplace, so you can connect and import many visualizations and use them, whereas Tableau has only 10 or 15 visualizations. There should be more visualizations, and there should also be data integration with more cloud providers."
"Tableau could be improved by introducing a data manipulation layer within the tool itself. Currently, data manipulations require using additional tools like Alteryx. If Tableau included these capabilities, it would reduce the need for external dependencies. The tool gets slower when we feed huge amounts of data."
"If you wanted to create something without making it an extra column in the data set, you can't just rename it to a more user-friendly short name."
"I don't have the ability in Tableau to create a tooltip and see the picture of a piece of jewelry or watch that is a best seller."
"I would like to be able to set the parameters in a more specific manner."
"In the next release, I would like to be able to have the option to see more raw data that I'm converting on the dashboard."
"Formatting controls could use some improvement."
"Areas for improvement would be visualization and augmented analytics. In the next release, I would like to see automated insights from the data added to the dashboard."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Tableau is ranked 2nd in BI (Business Intelligence) Tools with 293 reviews. Splunk Enterprise Security is rated 8.4, while Tableau is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Tableau writes "Provides fast data access with in-memory extracts, makes it easy to create visualizations, and saves time". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Tableau is most compared with Microsoft Power BI, Amazon QuickSight, Domo, SAS Visual Analytics and Databricks.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.