We performed a comparison between AlienVault OSSIM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The product can integrate with any device."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"The most valuable feature is the logging capability."
"Better than other SIEM solutions because almost everything can be integrated."
"With AlienVault you get everything in one box."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"The solution is free to use."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"Splunk's visualizations make it easy for users to understand the data."
"The visibility is amazing with easy dashboard creation."
"You can use it to gather syslog messages from anything."
"It's the completeness of the solution that we like the most."
"It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query on Splunk. The resolution time is about the same, but it took longer to discover the issue with ArcSight. Our previous solution took about an hour or more, but Splunk can do it within a few minutes or an hour at most."
"The flexibility of the solution is quite good."
"Splunk Enterprise Security's dashboards are a key asset."
"The playbook is a bit difficult and could be improved."
"We'd like to see more connectors."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"The solution needs more integration with cyber intelligence systems."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"The price of this solution is very high and it could be cheaper."
"The incidence reporting could be better."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"The user interface needs to be friendlier across the board."
"We need more dashboards and we need more customization for dashboards."
"We do have to educate developers on how to not blow it up. It is a little to easy to write an expensive query and overly stress the system. This could be improved."
"You do need a lot of training and certification with this product."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
"The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."
"I would like to see more SIEM functionality and a better ticket tool."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. AlienVault OSSIM is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Fortinet FortiSIEM and AWS Security Hub, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our AlienVault OSSIM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.