We performed a comparison between ArcSight Intelligence and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The platform helps us improve threat detection capabilities."
"The product has a valuable interface."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The logs on the solution are excellent."
"The integration is seamless with many devices and operating systems."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"Out-of-the-box, it seems very powerful."
"It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
"The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The product is good, it satisfies our customers."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The AI capabilities must be improved."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"I think the number one area of improvement for Sentinel would be the cost."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The dashboard is not user-friendly and is in black and white."
"We haven't found the product fully scalable."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"ArcSight Intelligence's pricing needs improvement."
"Splunk can improve its third-party device application plugins."
"The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"Most of my interaction is with the user community, which is how Splunk wants it. When I need help, that community is very hit or miss."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"It will be helpful for customers if they can create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers."
"Splunk needs local technical support."
ArcSight Intelligence is ranked 33rd in Security Information and Event Management (SIEM) with 5 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 235 reviews. ArcSight Intelligence is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM) and Exabeam Fusion SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our ArcSight Intelligence vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.