We performed a comparison between RSA enVision and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"The client site login is pretty extensible and probably cost-effective."
"Support is quick and competent."
"I like the search feature and the indexing. It's very fast and comprehensive."
"The SIEM is the most valuable feature of the product."
"The technical support has been very good. They are very responsive and have been helpful."
"The solution is the market leader."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"The solution should allow for a streamlined CI/CD procedure."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
"The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
"If you monitor too much, you can lose performance on your systems."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"We'd like to have the number of devices covered under the license to be increased."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"I would like to see more SIEM functionality and a better ticket tool."
RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. RSA enVision is rated 6.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". RSA enVision is most compared with NetWitness Platform and IBM Security QRadar, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.