We performed a comparison between Snare and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The connectivity and analytics are great."
"The automation feature is valuable."
"Free ingestion for Azure logs (with E5 licence)"
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The product can integrate with any device."
"It has a lot of great features."
"It's pretty powerful and its performance is pretty good."
"The best thing about Snare is its format and consistency."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"Snare has good agents, especially for Windows."
"The graph visualization is the most valuable feature."
"The initial setup is really straightforward. It's one of the easiest installations."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
"The speed of the search engine"
"We can quickly search for almost anything across many log sources in seconds."
"The product is good, it satisfies our customers."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"You can check up on security from the dashboards."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"The glass table feature does not perform as expected."
"We do have to educate developers on how to not blow it up. It is a little to easy to write an expensive query and overly stress the system. This could be improved."
Snare is ranked 41st in Log Management with 3 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Snare is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Snare is most compared with syslog-ng, SolarWinds Kiwi Syslog Server, LogRhythm SIEM, ArcSight Enterprise Security Manager (ESM) and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Snare vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.