We performed a comparison between Splunk Enterprise Security and Splunk On-Call based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The UI-based analytics are excellent."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The Log analytics are useful."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP- and URL-specific allow listing."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"The completeness of the solution is what we like the most."
"The reporting aspect is good and it does what I need it to do."
"The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"You can use it to gather syslog messages from anything."
"Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"The alert calling feature is the best because notifications are delivered via phone messages."
"The flexible schedule is the most valuable feature. It was very easy to set out a rotation."
"The most valuable feature of the solution is helpdesk escalation."
"VictorOps has been good enough for us and it's effective for our needs in case of an on-call escalation process."
"The Transmogrifier and automatic solution report give me a report with the solution and the way to solve issues when an error occurs."
"The AI capabilities must be improved."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The reporting could be more structured."
"The product is relatively expensive."
"Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
"Certain sections of the developer documentation could use some updating and clarification."
"The security can be improved."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
"In the next releases, I would like to see more pricing flexibility."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"I would like to see future development in terms of ML (Machine Learning)."
"There could be improvements with communicating an incident or alert."
"Should have more YouTube webinars."
"The third-party configuration tool could be easier to use."
"The solution can be improved by including a wider list of permissions."
"At that stage, all our needs are fulfilled, but at the beginning, we had some feature requests and they were deployed during their roadmap."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews, while Splunk On-Call is ranked 8th in IT Alerting and Incident Management with 10 reviews. Splunk Enterprise Security is rated 8.4, while Splunk On-Call is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Splunk On-Call writes "Allows us to create flexible schedules for on-call rotations". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Splunk On-Call is most compared with PagerDuty Operations Cloud, Opsgenie, New Relic, Everbridge IT Alerting and ServiceNow.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.