We performed a comparison between AlienVault OSSIM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"We have no complaints about the features or functionality."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The paid version of the solution has reporting and better scalability options."
"The product is easy to use."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"With AlienVault you get everything in one box."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"Splunk Enterprise Security helped us with faster detection of threats."
"It has a rapid response search environment in the event of an incident."
"Support is quick and competent."
"The indexing and data collection are valuable."
"If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best."
"Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks."
"Out-of-the-box, it seems very powerful."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"I would like to see more AI used in processes."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"GUI could be improved."
"The solution needs more integration with cyber intelligence systems."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"We need more dashboards and we need more customization for dashboards."
"AlienVault OSSIM gives unwanted notifications."
"The user interface needs to be friendlier across the board."
"Lacking in depth of reporting."
"It's so hard to configure and explore something new on it."
"The price has room for improvement."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"This solution could be improved by better pricing in general and by easier installation."
"There is a definite learning curve to starting out."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"We do have to educate developers on how to not blow it up. It is a little to easy to write an expensive query and overly stress the system. This could be improved."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
AlienVault OSSIM is ranked 16th in Security Information and Event Management (SIEM) with 26 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews. AlienVault OSSIM is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Fortinet FortiSIEM and IBM Security QRadar, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our AlienVault OSSIM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.