We performed a comparison between ConnectWise SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Free ingestion for Azure logs (with E5 licence)"
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The UI-based analytics are excellent."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"We have found the solution has great functionality and it is easy to use."
"One valuable feature of ConnectWise Fortify is the ability to add other teams and receive notifications when customers make changes or remove multi-factor authentication in Microsoft or SAP environments."
"Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks."
"Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great."
"The initial setup is pretty straightforward."
"It has a big user base, so the community is useful."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"Its integration is most valuable. Its UI is also pretty much easy."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"We'd like also a better ticketing system, which is older."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The manage portion of the solution is complicated and should be simplified by having different versions to meet the needs of different size companies."
"ConnectWise Fortify could work on covering more areas, like phishing messages, which have become more complicated to detect."
"The product is relatively expensive."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"We do have to educate developers on how to not blow it up. It is a little to easy to write an expensive query and overly stress the system. This could be improved."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is a quite challenging."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"The pricing can be better."
ConnectWise SIEM is ranked 30th in Security Information and Event Management (SIEM) with 2 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews. ConnectWise SIEM is rated 10.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of ConnectWise SIEM writes "Efficiently monitoring and detecting suspicious activities". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ConnectWise SIEM is most compared with SentinelOne Vigilance, Huntress, CrowdStrike Falcon Complete, Wazuh and Sophos MDR, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.