We performed a comparison between Google Chronicle Suite and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product can integrate with any device."
"It has a lot of great features."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The initial setup is very simple and straightforward."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The log folder is fairly simple."
"The support team is responsive."
"Google Chronicle Suite provides useful APIs."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"The tool's most valuable feature is the search option, allowing easy navigation."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The solution allows easy gathering and ingestion of the data."
"The correlation searches are most valuable just because we are able to do things like RBA."
"It has a rapid response search environment in the event of an incident."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"You can integrate Splunk with third-party security automation solutions and set rules for automatic response."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"We have a more secure, robust environment, which keeps the harmful software out of the zone required."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The AI capabilities must be improved."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The solution could improve the playbooks."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The product's default dashboard feature has a few limitations regarding availability."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The tool is complicated for a first-time user. It should also include newer APIs."
"A few areas are difficult to understand for someone who has less experience using the product."
"The solution's graphical user interface (GUI) should be more user-friendly."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"The configuration is not optimal."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"It requires a significant amount of relatively complex architecture once you push past the single server instance."
"Features related to content management must be improved."
"Many of my clients want to get better at Splunk, but they're afraid of using the tool because they feel it's too complex for them."
"You do need a lot of training and certification with this product."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"Configuring a few apps is complex, not straightforward."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Google Chronicle Suite is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Google Chronicle Suite is most compared with AWS Security Hub, Sentinel, IBM Security QRadar, Elastic Security and Rapid7 InsightIDR, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Sentinel. See our Google Chronicle Suite vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.