We performed a comparison between Splunk Enterprise Security and Splunk ITSI (IT Service Intelligence) based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The connectivity and analytics are great."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Positive features include replication capabilities, software development kits, and the architecture."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"It definitely does help with both auditing and as well as regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"Our clients are easily able to modify and evolve their implementations."
"It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders."
"Splunk has machine learning which is a valuable feature."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes."
"The glass tables are very helpful."
"The solution is easy to scale."
"Alerts and episodes are valuable to me."
"In my opinion, Splunk IT Service Intelligence (ITSI) is better than QRadar. With the help of Splunk, we can get results."
"The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI."
"ITSI's most valuable feature is that it's easy to integrate DLP."
"The flexibility to develop and consolidate many solutions into one platform is great."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel."
"I think the number one area of improvement for Sentinel would be the cost."
"The solution could improve the playbooks."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"There is room for improvement in entity behavior and the integration site."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"It's costly."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
"Writing queries is a bit complicated sometimes."
"There is a definite learning curve to starting out."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services."
"The cost of the license could be lower."
"If the product had some prebuilt machine learning features, it would add value to our use cases."
"Splunk ITSI generates numerous false positives and has the potential for enhancement."
"Quality-of-life features have room for improvement."
"I believe the refresh time should be faster."
"It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs."
"It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Splunk ITSI (IT Service Intelligence) is ranked 5th in IT Alerting and Incident Management with 28 reviews. Splunk Enterprise Security is rated 8.4, while Splunk ITSI (IT Service Intelligence) is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Splunk ITSI (IT Service Intelligence) writes "Provides great end-to-end visibility into our network environment and helped us reduce alert noise". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Splunk ITSI (IT Service Intelligence) is most compared with ServiceNow IT Operations Management, Grafana, Dynatrace, Splunk APM and Datadog. See our Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.