We performed a comparison between Splunk Enterprise Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's pretty powerful and its performance is pretty good."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"This solution helps us increase our productivity."
"It is easy to use in any environment."
"The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"The client site login is pretty extensible and probably cost-effective."
"It has a big user base, so the community is useful."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"This solution integrates easily and very well with other technologies."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"It is easy to use."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sentinel's reporting is complex and can be more user-friendly."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."
"The glass table feature does not perform as expected."
"The product was difficult to back up the first time."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"I would like to see improvements to the user interface."
"The initial setup is difficult and could improve."
"There should be support for multitenancy in the product."
"The user interface could be more user-friendly."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"We cannot add new data sources to the most recent version."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Splunk Enterprise Security is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our Splunk Enterprise Security vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.