We compared Splunk Enterprise Security and Microsoft Sentinel across several parameters, drawing on our users' reviews.
Splunk Enterprise Security is praised for its threat intelligence, analytics, and interface, though reviewers are split on usability: several ask for a more user-friendly interface, a simpler search query language, and better performance. Its pricing is considered high but justified by the value delivered. Microsoft Sentinel is seen as affordable and, by most reviewers, simpler to set up. Users value its threat visibility, integration with other Microsoft products, and machine learning capabilities; suggested improvements include a more intuitive interface, better customization options, and stronger integration with third-party tools. Users of both products report a positive impact on their organizations.
Features: Splunk Enterprise Security stands out for customizable analytics and real-time monitoring, while Microsoft Sentinel stands out for threat visibility and machine learning integration. Splunk emphasizes scalability and customization, whereas Sentinel emphasizes centralizing alerts and turning them into actionable insights.
Pricing and ROI: Splunk Enterprise Security tends to carry higher licensing and initial setup costs, but users find the value and benefits worth the investment. Microsoft Sentinel is noted for reasonable pricing, minimal setup costs, and flexible licensing options. Splunk Enterprise Security users report improved operational efficiency, threat detection, and incident response; Microsoft Sentinel users report enhanced security, reduced incident response time, and seamless integration.
Room for Improvement: Splunk Enterprise Security users seek a more user-friendly interface, a simplified search query language, better performance, and enhanced alerting and reporting. Microsoft Sentinel users want a more intuitive platform, better customization options, enhanced integration capabilities, and improved reporting and documentation.
Deployment and customer support: Implementation times for Splunk Enterprise Security varied widely. Most users found Microsoft Sentinel quicker to deploy, although some reported the opposite, finding Sentinel's setup more complex than Splunk's. Splunk Enterprise Security stands out for prompt response times and knowledgeable support staff. Microsoft Sentinel users likewise report quick issue resolution and effective, helpful support.
The summary above is based on 201 interviews we conducted recently with Splunk Enterprise Security and Microsoft Sentinel users. To access the full review transcripts, download our report.
"The product can integrate with any device."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
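To make the "schedule-based queries" in the review above concrete, here is an added example of the kind of KQL a Sentinel scheduled analytics rule runs. It is not the reviewer's or Microsoft's code. It assumes the SigninLogs table populated by the Microsoft Entra ID data connector; the lookback window, failure threshold, and distinct-IP threshold are arbitrary values chosen for illustration.

```kusto
// Added example (not from the review or from Microsoft): a scheduled analytics
// rule query that flags accounts with many failed sign-ins from multiple source IPs.
// Assumes the SigninLogs table from the Microsoft Entra ID connector.
// Thresholds and the lookback window are arbitrary; set the rule's "run every"
// and "lookup data from the last" to match the lookback so events are not missed.
let lookback = 1h;
let failThreshold = 10;
let ipThreshold = 2;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"          // "0" is success; any other code is a failed sign-in
| summarize FailedCount = count(),
            DistinctIPs = dcount(IPAddress),
            SourceIPs = make_set(IPAddress, 20),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by UserPrincipalName
| where FailedCount >= failThreshold and DistinctIPs >= ipThreshold
| project UserPrincipalName, FailedCount, DistinctIPs, SourceIPs, FirstSeen, LastSeen
```

When saved as a scheduled rule, each row the query returns can become an alert and, with entity mapping on UserPrincipalName and the IP addresses, an incident that a playbook can act on. The distinct-IP condition is there to reduce noise from a single user mistyping a password from one machine.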
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The Splunk user community and forum are most valuable."
"It is very stable. We have not had any problems."
"It allows for transparency into IT metrics for insightful business analytics."
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"Integrity with many vendors: This simplifies the implementation and integration with different devices."
"The technical support is among the best in the market."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"The solution could improve the playbooks."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The solution could be more user-friendly; some query languages are required to operate it."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"The upgrading process could be smoother."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"The pricing can be better."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
"Its interface could be improved."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews, while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. Microsoft Sentinel is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Elastic Security and Wazuh, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Microsoft Sentinel vs. Splunk Enterprise Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.