We performed a comparison between Splunk Enterprise Security and Zenoss Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The pricing of the product is excellent."
"The analytic rule is the most valuable feature."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"UBA, User Behavior Analytics, is a key feature."
"This is a straightforward solution, easy to configure."
"Good for log collection and log management."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"The ability to ingest any data and display it in a way that anyone can understand."
"The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
"Our clients are easily able to modify and evolve their implementations."
"Easy to deploy and simple to use."
"The custom built integration is one of the most valuable features because you can see all the especially critical items."
"Its Docker Container concept is mind blowing. It is the first monitoring tool which comes with Docker features."
"The most valuable feature is the flexible discovery mechanism."
"What I like most about Zenoss Service Dynamics is that it monitors the devices and gives close to real-time alerts. For example, in case the device is not available, Zenoss Service Dynamics generates an alert so my team can resolve the issue."
"The product offers good documentation that helps with initial training."
"It's easy to use."
"They have also accommodated many state-of-the-art technologies like Docker and ZooKeeper."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The solution could be more user-friendly; some query languages are required to operate it."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Licensing costs can be a barrier for those with limited budgets."
"Writing queries is a bit complicated sometimes."
"The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"The price has room for improvement."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"I'd like to see more integration with more antivirus systems."
"As Zenoss Service Dynamics is more for network-centric devices and you want to monitor, for example, a server, its services, IP addresses, and interfaces, if it's a network and you're going to monitor multiple items, you'll be charged multiple times. This is what Zenoss Service Dynamics needs to improve to make sure that customers pay just one fee to monitor the entire server. What I'd like to see in Zenoss Service Dynamics in the future is a public cloud monitoring feature, particularly for the Azure public cloud. Another additional feature I'd like to see in the next release of the solution is integration with the Azure public cloud because I know that there are some services from Azure that Zenoss Service Dynamics is currently unable to monitor."
"There is room for improvement with the administrative part. They introduced Control Center to manage things in Zenoss 5. The services that Zenoss provides remained the same, but the administrative part, since they introduced Docker, etc., has become a little complex"
"The inclusion of a feature to show a graphical view of the network would be a helpful improvement."
"It would be ideal if the product offered sound alerts."
"There was a problem with Zenoss and storage monitoring."
"Now it is stable, but they should design threshold parameters in percentage instead of raw values."
"The AI aspect needs to improve."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Zenoss Cloud is ranked 20th in Application Infrastructure with 8 reviews. Splunk Enterprise Security is rated 8.4, while Zenoss Cloud is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Zenoss Cloud writes "Generates close to real-time alerts so users can resolve issues, but needs more integration and public cloud monitoring features". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Zenoss Cloud is most compared with Zabbix, Nagios XI, ServiceNow IT Operations Management, ScienceLogic and Amazon CloudWatch.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.