We performed a comparison between AWS Security Hub and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has a lot of great features."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The main benefit is the ease of integration."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"I find all of the features to be highly valuable."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."
"The solution shows us our compliance score."
"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."
"Very good at detection and providing real-time alerts."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"I haven't had the chance to properly sink my teeth into Enterprise Security but so far I like that they added the MITRE ATT&CK features."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query on Splunk. The resolution time is about the same, but it took longer to discover the issue with ArcSight. Our previous solution took about an hour or more, but Splunk can do it within a few minutes or an hour at most."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"There are lots of free learning materials on their website."
"Splunk's visualizations make it easy for users to understand the data."
"It has the ability to correlate data, analyze and review it."
"Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort"
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"I think the number one area of improvement for Sentinel would be the cost."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"There is room for improvement in entity behavior and the integration site."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"The support must be quicker."
"It is not flexible for multi-cloud environments."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"It would be nice if they had a wizard to construct searches, including more complex searches that include math or statistics."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"The upgrading process could be smoother."
"Splunk has a steeper learning curve, making it feel less user-friendly."
AWS Security Hub is ranked 9th in Security Information and Event Management (SIEM) with 16 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews. AWS Security Hub is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Oracle Security Monitoring and Analytics Cloud Service, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our AWS Security Hub vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.