We performed a comparison between Splunk Enterprise Security and Tintri Global Center [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The initial setup is very simple and straightforward."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The automation feature is valuable."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"You can check up on security from the dashboards."
"The Tintri product line as a whole has freed up a lot of resources from constant administration of legacy enterprise storage."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
"I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"The price has room for improvement."
"A better Tintri would be a "cheaper" one to get things started again."
Earn 20 points
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews while Tintri Global Center [EOL] doesn't meet the minimum requirements to be ranked in Security Information and Event Management (SIEM). Splunk Enterprise Security is rated 8.4, while Tintri Global Center [EOL] is rated 10.0. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Tintri Global Center [EOL] writes "Provides VM protection with scheduled snapshots and replication". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Tintri Global Center [EOL] is most compared with .
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.