We performed a comparison between ClearSkies SaaS NG SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"It has basic out-of-the-box integrations with multiple log sources."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The correlation rules and the user platform are most valuable."
"The solution helped reduce our alert volume."
"It gives us the liberty to do more in terms of use cases."
"Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great."
"The level of robustness on offer is very good."
"The product provides visibility and enables us to correlate data and generate alerts."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"From the class that I took this week, being able to create notable events from whatever you find in the data set is pretty useful."
"The additional vendors we've brought on board, particularly Elastic, have been quite beneficial."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"There is room for improvement in entity behavior and the integration site."
"The solution could be more user-friendly; some query languages are required to operate it."
"I would like to be able to monitor applications outside of the Azure Cloud."
"I would like to see more AI used in processes."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The AI capabilities must be improved."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"The threat detection system has room for improvement."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, and then maintaining those long search queries is quite challenging."
"The product is relatively expensive."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"Licensing costs can be a barrier for those with limited budgets."
"Writing queries is a bit complicated sometimes."
ClearSkies SaaS NG SIEM is ranked 56th in Security Information and Event Management (SIEM) while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. ClearSkies SaaS NG SIEM is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". ClearSkies SaaS NG SIEM is most compared with , whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.