We performed a comparison between Splunk Enterprise Security and WhatsUp Gold based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The connectivity and analytics are great."
"The analytic rule is the most valuable feature."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The technical support is among the best in the market."
"It's better than IBM, in my opinion, because it's an independent entity."
"My favorite example of improving the organization is saving $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"It has a rapid response search environment in the event of an incident."
"The product is good, it satisfies our customers."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"The initial setup is pretty straightforward."
"There are lots of free learning materials on their website."
"The documentation is very good."
"The user interface is good enough."
"We no longer have to manually search for problems because we are alerted when something in the network goes down."
"The interface in the last few years has been a lot greater, they are much more user-friendly. I like the interface."
"It handles the basics of monitoring."
"The solution effectively monitors network devices and servers."
"The installation and configuration process are easy."
"Auto scanning is most valuable. It looks for rogue devices on your network."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"The UI could be better. This is applicable to Splunk in general. I know that a lot of people who get their hands on Splunk are hesitant to use it just because they find it overwhelming. There are a lot of options."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"The UI can be difficult to understand for non-technical people."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"Sometimes, there is latency in the logs."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"The licensing model could be improved. Right now, the levels are too far apart. This causes the solution to be more expensive than it needs to be."
"The initial setup of WhatsUp Gold is a medium range of difficulty levels. However, if it is your first time it could be difficult."
"The interface needs some work."
"I might like to see a better interface in the future."
"Importing the maps and being able to customize them could be easier."
"I think there are a few bugs now. Although they give some resolution for this, we cannot share the network remotely because of our company policy."
"Regional product team support is not very good."
"We can never achieve or get a good picture of the network topology."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while WhatsUp Gold is ranked 36th in Application Performance Monitoring (APM) and Observability with 22 reviews. Splunk Enterprise Security is rated 8.4, while WhatsUp Gold is rated 7.8. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of WhatsUp Gold writes "If CPU, memory, or disk space is over-utilized, it alerts us immediately via text or email if there is an issue". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas WhatsUp Gold is most compared with SolarWinds NPM, Zabbix, Grafana, PRTG Network Monitor and Centreon. See our Splunk Enterprise Security vs. WhatsUp Gold report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.