2021-08-30T13:01:00Z

What is a better choice, Splunk or Azure Sentinel?

NC
  • 0
  • 181
PeerSpot user
1

1 Answer

Real User
2021-09-01T19:24:21Z
Sep 1, 2021

It would really depend on (1) which logs you need to ingest and (2) what are your use cases


Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log volume increases. Splunk is good for operations style use cases (NOC), but requires ESS and isn't as easy to use or get data out of for SOC style use cases.


Sentinel is good for endpoint Windows Defender Advanced Edition (extra cost, not the free version), analysis and malware findings, and when the data sources are all Windows events (O365/OneDrive/Email/ADFS), but costs go up substantially if the log sources aren't Microsoft events, and support for non-MSFT log sources is limited.


Neither offers real UEBA capabilities IMO.


Splunk has the add-on (entirely different architecture and systems), for the Caspida UEBA.


MSFT will tout UEBA on Sentinel, but it's endpoint related (not network) and I've yet to see use cases on non-MSFT application data events.

Find out what your peers are saying about Microsoft Sentinel vs. Splunk Enterprise Security and other solutions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Product comparison that may be of interest to you
Microsoft Sentinel vs. Splunk Enterprise Security comparison
We performed a comparison between Microsoft Sentinel and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below. Ease of Deployment: Most Microsoft Sentinel users say the initial setup is straightforward. While many Splunk users say the initial setup is straightforward, several users disagree and say it is complex. Features: Users of both products are happy with their stability and scalability. Microsoft Sentinel...
Download Microsoft Sentinel vs. Splunk Enterprise Security comparison ReportRead more

Related Q&As