We performed a comparison between ClearSkies SaaS NG SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The automation feature is valuable."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Log aggregation and data connectors are the most valuable features."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The product can integrate with any device."
"The correlation rules and the user platform are most valuable."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"You can check up on security from the dashboards."
"The completeness of the solution is what we like the most."
"The solution is very fast and succinct."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solution would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
"I like Splunk's data aggregation and search capabilities."
"The troubleshooting has room for improvement."
"We are invoiced according to the amount of data generated within each log."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"It's costly."
"I would like Splunk to add more integration. QRadar has many integrations with more products than Splunk."
"Their technical support sucks."
"The support that is included with the standard licensing fee is very bad."
"Splunk could have more built-in use case presets that customers can build on and customize."
"Professional support is great, but too expensive."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
ClearSkies SaaS NG SIEM is ranked 56th in Security Information and Event Management (SIEM), while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. ClearSkies SaaS NG SIEM is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". ClearSkies SaaS NG SIEM is most compared with , whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.