We performed a comparison between Splunk Enterprise Security and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The analytic rule is the most valuable feature."
"The Log analytics are useful."
"Great platform with user-friendly interface and GUI."
"To get visibility from your network devices, servers, and security devices is a great feature."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The solution is very fast and succinct."
"It's the completeness of the solution that we like the most."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"It is a one-stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
"It is very stable. We have not had any problems."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"Trellix ESM is very user-friendly."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"Compared to other solutions, the user interface is good."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"It has performed well and delivered the results that I have been looking for."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The solution could improve the playbooks."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The product can be improved by reducing the cost to use AI machine learning."
"The playbook is a bit difficult and could be improved."
"The setup time is quite long."
"We'd like Splunk to reduce false positives."
"While scheduled reports can be embedded, a Splunk dashboard cannot be embedded directly without enabling cross-origin access."
"The product could be cheaper."
"Splunk should have more regional data centers in the Middle East."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"The update to the user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"The solution needs to improve case management. The UI is confusing."
"Customized reports and alerting functionality could be included in the dashboard."
"The support from McAfee ESM could improve. They could improve the speed."
"I would like to see good analytics in future releases."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, McAfee released multiple upgrades and multiple patches for the same issue."
"The product's stability is an area of concern where improvements are required."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Splunk Enterprise Security is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Trellix Helix and Cybereason Endpoint Detection & Response. See our Splunk Enterprise Security vs. Trellix ESM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.