We performed a comparison between LogRhythm SIEM and Splunk Cloud Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The UI of Sentinel is very good and easy to use, even for beginners."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"It's reliable and the performance is good."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"The most valuable features would be the automation, reporting, and the support."
"We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
"The solution is user friendly and has extensive uses."
"The Splunk Cloud Platform has reduced our mean time to resolve. It has easily saved 20 to 30 minutes every time someone gets locked out. We get 10 or 15 instances per day where people get locked out. It definitely saves a few hours per day."
"The most valuable feature for me is the flexibility of being able to send the log to the https endpoint."
"The most valuable feature of Splunk Cloud Platform is the alerting feature."
"It's made searching for data easier. Users like it. We're still in the migration process, but overall, it's a lot easier to use."
"The Splunk search is powerful compared to similar solutions. We get millions of data points within seconds."
"Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable."
"The most valuable feature of Splunk Cloud is the quick setup."
"The on-prem log sources still require a lot of development."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The AI capabilities must be improved."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"We've had issues with scaling and local support."
"We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"There is room for improvement with separate running sources or better integration."
"I would like to see APIs well-documented and public facing, so we can get to them all."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"The initial setup is not so easy because it is quite a process."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"Splunk currently manages the components, which restricts our ability to access them directly."
"The administration could use improvement. We have to rely on support more often than we're used to."
"The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good."
"From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it."
"Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting."
"There is sometimes no documentation or updated documentation available."
"Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved."
"I have not come across anything that I would consider missing as such. If anything, sometimes we have dashboards that would not go into the dark mode. It is a minor issue, but it is the only thing that I wish was there. The dark mode would definitely help."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Splunk Cloud Platform is ranked 3rd in Data Visualization with 34 reviews. LogRhythm SIEM is rated 8.4, while Splunk Cloud Platform is rated 8.0. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and LogRhythm Axon, whereas Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, Check Point Security Management, AppInsights and Fortinet FortiAnalyzer. See our LogRhythm SIEM vs. Splunk Cloud Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.