We performed a comparison between Splunk Enterprise Security and VMware Aria Operations for Applications based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The machine learning and artificial intelligence on offer are great."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The analytic rule is the most valuable feature."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The features that stand out are the detection engine and its integration with multiple data sources."
"You can integrate Splunk with third-party security automation solutions and set rules for automatic response."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"Great platform with user-friendly interface and GUI."
"It scales better in the cloud than on-premise."
"We were able to create a catalog of dashboards and have a holistic view at all levels. We could understand our business much better. Real-time errors, which were buried in emails before now, surfaced up on dashboards."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"The SIEM is the most valuable feature of the product."
"Compared to IBM QRadar, Splunk Enterprise Security offers faster alert resolution."
"The features I find most valuable is the querying and alerting capabilities."
"The solution is great for virtualization and preparing the infrastructure in Tanzu to test products. It's very fast and has good visibility."
"Tanzu itself, integrated with multiple solutions, bestows support and security upon a container platform, especially when it comes to managing open-source container platforms such as Kubernetes."
"People are very pleased with the implementation."
"No issues with stability."
"This solution allows me to have true visibility for any metrics when it comes to my cloud, and private."
"VMware comes with a support team, and if you have trouble, you can easily create a ticket, and VMware will help you. Therefore, the best aspect is the support."
"For us, the ease of deployment in combination with TMZ was the most important part because we don't have to manually deploy a complex monitoring solution. We can more or less do that with the click of a button, and we are not dependent on the developers to provide us with all the necessary features and functions to make that work. We can just deploy it on a workload cluster and monitor at least a good part of the workload. If we want to go into detail, we clearly need to make changes, but for a good part of application monitoring, it gives us good insights."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The product can be improved by reducing the cost to use AI machine learning."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The solution should allow for a streamlined CI/CD procedure."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The support that is included with the standard licensing fee is very bad."
"The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is a quite challenging."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"We'd like to have the number of devices covered under the license to be increased."
"Splunk is more expensive than other solutions."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"The main problem I have is that the license cost is very high."
"Its billing model is consumption-based. I understand the consumption-based model, but it is not necessarily easy to estimate and guess how many points or how much we are going to consume on a specific application up until we get to that point. So, for us, it would be helpful to have more insights or predictability into what we can expect from a cost perspective if we are starting to use specific features. This can potentially also drive our consumption a bit more."
"It could use a URL document server. Everything in the market is moving towards automation and everybody's looking for the single click operations as well relational data locality."
"The documentation and integration with Kubernetes could be improved."
"In the new version, I would love to see more prediction capabilities. It would be great if one could see the alerts get a little more enriched with information and become more human-friendly instead of the technical stuff that they put in there. I think those would be really awesome outcomes to get."
"The implementation is a long process that should be improved."
"The initial setup should be easier and more seamless."
"They could make it more easy to plug-in data so that a nontechnical person will be able to use it, like accountants or finance people. That way they don't have to ask us."
More VMware Aria Operations for Applications Pricing and Cost Advice →
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while VMware Aria Operations for Applications is ranked 27th in Cloud Monitoring Software with 9 reviews. Splunk Enterprise Security is rated 8.4, while VMware Aria Operations for Applications is rated 7.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of VMware Aria Operations for Applications writes "Easy to deploy, worth the money, and helpful for uptime monitoring and performance insights". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas VMware Aria Operations for Applications is most compared with Grafana, Dynatrace, Datadog, Zabbix and Amazon CloudWatch. See our Splunk Enterprise Security vs. VMware Aria Operations for Applications report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.