We performed a comparison between Splunk Enterprise Security and VMware Aria Operations for Applications based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Free ingestion for Azure logs (with E5 licence)"
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Splunk Enterprise Security helped us with faster detection of threats."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"From the class that I took this week, being able to create notable events from whatever you find in the data set is pretty useful."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"The search lookups are useful."
"The speed of the search engine"
"The most valuable features are how stable and easy to use Splunk is."
"The most valuable feature is that it's very good for log aggregation."
"People are very pleased with the implementation."
"Tanzu itself, integrated with multiple solutions, bestows support and security upon a container platform, especially when it comes to managing open-source container platforms such as Kubernetes."
"The solution is great for virtualization and preparing the infrastructure in Tanzu to test products. It's very fast and has good visibility."
"The features I find most valuable is the querying and alerting capabilities."
"This solution allows me to have true visibility for any metrics when it comes to my cloud, and private."
"The most valuable aspects of the solution are its ease of use and its ease of implementation."
"For us, the ease of deployment in combination with TMZ was the most important part because we don't have to manually deploy a complex monitoring solution. We can more or less do that with the click of a button, and we are not dependent on the developers to provide us with all the necessary features and functions to make that work. We can just deploy it on a workload cluster and monitor at least a good part of the workload. If we want to go into detail, we clearly need to make changes, but for a good part of application monitoring, it gives us good insights."
"No issues with stability."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The reporting could be more structured."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The only thing is sometimes you can have a false positive."
"The troubleshooting has room for improvement."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"From the commercial point of view, they have to bring down their costs."
"The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
"If you monitor too much, you can lose performance on your systems."
"Splunk does not provide any default threat intelligence like Microsoft Sentinel, but you can integrate any third-party threat intelligence with Splunk. By default, no threat intelligence suite is there, whereas, with IBM QRadar or Microsoft Sentinel, the default feature of threat intelligence is there. It is free. If Splunk can provide a default threat intelligence suite, it would be better."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"We will receive alerts only for the administrators and deployment servers, but not for all servers."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"Its billing model is consumption-based. I understand the consumption-based model, but it is not necessarily easy to estimate and guess how many points or how much we are going to consume on a specific application up until we get to that point. So, for us, it would be helpful to have more insights or predictability into what we can expect from a cost perspective if we are starting to use specific features. This can potentially also drive our consumption a bit more."
"The main problem I have is that the license cost is very high."
"The documentation and integration with Kubernetes could be improved."
"The implementation is a long process that should be improved."
"In the new version, I would love to see more prediction capabilities. It would be great if one could see the alerts get a little more enriched with information and become more human-friendly instead of the technical stuff that they put in there. I think those would be really awesome outcomes to get."
"I would like to see integration with Kubernetes cluster and APIs so that you can manage the entire stack."
"They could make it more easy to plug-in data so that a nontechnical person will be able to use it, like accountants or finance people. That way they don't have to ask us."
"It could use a URL document server. Everything in the market is moving towards automation and everybody's looking for the single click operations as well relational data locality."
More VMware Aria Operations for Applications Pricing and Cost Advice →
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews while VMware Aria Operations for Applications is ranked 28th in Cloud Monitoring Software with 9 reviews. Splunk Enterprise Security is rated 8.4, while VMware Aria Operations for Applications is rated 7.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of VMware Aria Operations for Applications writes "Easy to deploy, worth the money, and helpful for uptime monitoring and performance insights". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas VMware Aria Operations for Applications is most compared with Dynatrace, Grafana, Zabbix, Datadog and Elastic Observability. See our Splunk Enterprise Security vs. VMware Aria Operations for Applications report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.