We performed a comparison between Splunk Enterprise Security and VMware Aria Operations for Applications based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The product can integrate with any device."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job."
"The product is good, it satisfies our customers."
"The solution is very fast and succinct."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"The ability to ingest different log types from many different products in our environment is most valuable."
"The product provides visibility and enables us to correlate data and generate alerts."
"It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query on Splunk. The resolution time is about the same, but it took longer to discover the issue with ArcSight. Our previous solution took about an hour or more, but Splunk can do it within a few minutes or an hour at most."
"The solution is great for virtualization and preparing the infrastructure in Tanzu to test products. It's very fast and has good visibility."
"For us, the ease of deployment in combination with TMZ was the most important part because we don't have to manually deploy a complex monitoring solution. We can more or less do that with the click of a button, and we are not dependent on the developers to provide us with all the necessary features and functions to make that work. We can just deploy it on a workload cluster and monitor at least a good part of the workload. If we want to go into detail, we clearly need to make changes, but for a good part of application monitoring, it gives us good insights."
"The most valuable aspects of the solution are its ease of use and its ease of implementation."
"The features I find most valuable is the querying and alerting capabilities."
"VMware comes with a support team, and if you have trouble, you can easily create a ticket, and VMware will help you. Therefore, the best aspect is the support."
"People are very pleased with the implementation."
"No issues with stability."
"Tanzu itself, integrated with multiple solutions, bestows support and security upon a container platform, especially when it comes to managing open-source container platforms such as Kubernetes."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Splunk does not provide any default threat intelligence like Microsoft Sentinel, but you can integrate any third-party threat intelligence with Splunk. By default, no threat intelligence suite is there, whereas, with IBM QRadar or Microsoft Sentinel, the default feature of threat intelligence is there. It is free. If Splunk can provide a default threat intelligence suite, it would be better."
"It does not give us permission to implement on-premise so we implement them on the cloud."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"I would like to see more SIEM functionality and a better ticket tool."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"I would like to see integration with Kubernetes cluster and APIs so that you can manage the entire stack."
"In the new version, I would love to see more prediction capabilities. It would be great if one could see the alerts get a little more enriched with information and become more human-friendly instead of the technical stuff that they put in there. I think those would be really awesome outcomes to get."
"The main problem I have is that the license cost is very high."
"The initial setup should be easier and more seamless."
"Its billing model is consumption-based. I understand the consumption-based model, but it is not necessarily easy to estimate and guess how many points or how much we are going to consume on a specific application up until we get to that point. So, for us, it would be helpful to have more insights or predictability into what we can expect from a cost perspective if we are starting to use specific features. This can potentially also drive our consumption a bit more."
"It could use a URL document server. Everything in the market is moving towards automation and everybody's looking for the single click operations as well relational data locality."
"They could make it more easy to plug-in data so that a nontechnical person will be able to use it, like accountants or finance people. That way they don't have to ask us."
"The implementation is a long process that should be improved."
More VMware Aria Operations for Applications Pricing and Cost Advice →
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 65 reviews while VMware Aria Operations for Applications is ranked 28th in Cloud Monitoring Software with 4 reviews. Splunk Enterprise Security is rated 8.4, while VMware Aria Operations for Applications is rated 7.6. The top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". On the other hand, the top reviewer of VMware Aria Operations for Applications writes "Easy to deploy, worth the money, and helpful for uptime monitoring and performance insights". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas VMware Aria Operations for Applications is most compared with Dynatrace, Grafana, Datadog, Zabbix and Amazon CloudWatch. See our Splunk Enterprise Security vs. VMware Aria Operations for Applications report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.