We performed a comparison between Splunk Enterprise Security and Zenoss Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The main benefit is the ease of integration."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"It's basically one of the best SIEM products on the market."
"It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
"It is very scalable."
"It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"The custom built integration is one of the most valuable features because you can see all the especially critical items."
"It's easy to use."
"They have also accommodated many state-of-the-art technologies like Docker and ZooKeeper."
"The most valuable feature is the flexible discovery mechanism."
"The product offers good documentation that helps with initial training."
"What I like most about Zenoss Service Dynamics is that it monitors the devices and gives close to real-time alerts. For example, in case the device is not available, Zenoss Service Dynamics generates an alert so my team can resolve the issue."
"Its Docker Container concept is mind blowing. It is the first monitoring tool which comes with Docker features."
"The AI capabilities must be improved."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"There is room for improvement in entity behavior and the integration site."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
"It could be more user friendly, in terms of the end-user experience."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
"Certain sections of the developer documentation could use some updating and clarification."
"From the commercial point of view, they have to bring down their costs."
"The pricing can be better."
"Now it is stable, but they should design threshold parameters in percentage instead of raw values."
"The AI aspect needs to improve."
"The inclusion of a feature to show a graphical view of the network would be a helpful improvement."
"There is room for improvement with the administrative part. They introduced Control Center to manage things in Zenoss 5. The services that Zenoss provides remained the same, but the administrative part, since they introduced Docker, etc., has become a little complex"
"There was a problem with Zenoss and storage monitoring."
"As Zenoss Service Dynamics is more for network-centric devices and you want to monitor, for example, a server, its services, IP addresses, and interfaces, if it's a network and you're going to monitor multiple items, you'll be charged multiple times. This is what Zenoss Service Dynamics needs to improve to make sure that customers pay just one fee to monitor the entire server. What I'd like to see in Zenoss Service Dynamics in the future is a public cloud monitoring feature, particularly for the Azure public cloud. Another additional feature I'd like to see in the next release of the solution is integration with the Azure public cloud because I know that there are some services from Azure that Zenoss Service Dynamics is currently unable to monitor."
"It would be ideal if the product offered sound alerts."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Zenoss Cloud is ranked 20th in Application Infrastructure with 8 reviews. Splunk Enterprise Security is rated 8.4, while Zenoss Cloud is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Zenoss Cloud writes "Generates close to real-time alerts so users can resolve issues, but needs more integration and public cloud monitoring features". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Zenoss Cloud is most compared with Zabbix, Nagios XI, ServiceNow IT Operations Management, ScienceLogic and Amazon CloudWatch.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.