We performed a comparison between NetWitness Platform and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel pricing is good"
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable features are the threat prediction and network forensics."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Incident management is its most valuable feature."
"The most valuable feature is the security that it provides."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"It has virtual visualization, and other products do not."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult-to-understand log formats into usable data."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"It's better than IBM, in my opinion, because it's an independent entity."
"It allows for transparency into IT metrics for insightful business analytics."
"The most valuable features are how stable and easy to use Splunk is."
"Splunk works based on parsing log files."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"We are invoiced according to the amount of data generated within each log."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The initial setup is very complex and should be simplified."
"An area for improvement would be better automation and more inbuilt use cases."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The product's licensing models are complex to understand. This particular area needs improvement."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The log system is a bit complex and has room for improvement."
"We have encountered issues with unresolved crashes."
"The threat detection system has room for improvement."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"The support that is included with the standard licensing fee is very bad."
"Its interface could be improved."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"We find that the maintenance process could be a lot better."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
NetWitness Platform is ranked 20th in Log Management with 36 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. NetWitness Platform is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". NetWitness Platform is most compared with RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our NetWitness Platform vs. Splunk Enterprise Security report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.