We performed a comparison between Gurucul Next Gen SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Free ingestion for Azure logs (with E5 licence)"
"The customization of reporting rules, reporting configuration, and alerting configuration are good."
"Gurucul Next Gen SIEM stands out for its user-friendliness, making it accessible to business users."
"The initial setup is really straightforward. It's one of the easiest installations."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"Ease of correlation: creating correlation searches is easy, and you can combine multiple sources with little effort."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The solution could be more user-friendly; some query languages are required to operate it."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"The only thing is sometimes you can have a false positive."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment, whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The troubleshooting has room for improvement."
"I would like Gurucul to identify the use cases that have already been reviewed by someone when detection occurs."
"The user interface could be made simpler."
"Sometimes, there is latency in the logs."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
"Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"The product must improve insider threat detection."
"The setup time is quite long."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
Gurucul Next Gen SIEM is ranked 40th in Security Information and Event Management (SIEM) with 2 reviews, while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews. Gurucul Next Gen SIEM is rated 7.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Gurucul Next Gen SIEM writes "Has a strong technical foundation and helps reduce our detection time, but the UI can be more user-friendly". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Gurucul Next Gen SIEM is most compared with , whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Gurucul Next Gen SIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.