We performed a comparison between SolarWinds Security Event Manager and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Free ingestion for Azure logs (with E5 licence)"
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"SolarWinds Security Event Manager has been generally working well."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
"The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidence that we trace."
"The most valuable feature is the ease of use for the end user."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"The ability to ingest different log types from many different products in our environment is most valuable."
"If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"We'd like to see more connectors."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The reporting could be more structured."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"I think the number one area of improvement for Sentinel would be the cost."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"There is room for improvement in entity behavior and the integration site."
"It can be difficult for users who are inexperienced with the solution."
"It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."
"There are no multiple dashboards which would allow you to see information side-by-side."
"We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."
"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."
"There is no correlation made between log entries, so no threat information is presented."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"The security can be improved."
"The product must improve insider threat detection."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"I would like to see ability to master management. In terms of clustering, how it manages clustering needs improvement."
"Technical support needs to be more responsive."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
More SolarWinds Security Event Manager Pricing and Cost Advice →
SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. SolarWinds Security Event Manager is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". SolarWinds Security Event Manager is most compared with ManageEngine Log360, IBM Security QRadar, Wazuh, Microsoft Defender XDR and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our SolarWinds Security Event Manager vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.