We performed a comparison between NNT Log Tracker Enterprise and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Sentinel pricing is good"
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"This is a very easy-to-use interface with a quick ramp-up time."
"The most valuable feature is the predefined reports for PCI compliance."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"File integrity monitoring is a very important function."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"I like the search feature and the indexing. It's very fast and comprehensive."
"UBA, User Behavior Analytics, is a key feature."
"Splunk Enterprise Security comes with 300 pre-deployed use cases that can be easily customized to meet the specific needs of our organization, without the need to purchase additional tools."
"Integrity with many vendors: This simplifies the implementation and integration with different devices"
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"The solution has made us more secure."
"It scales better in the cloud than on-premise."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"The correlation suite needs to be improved."
"The documentation is in definite need of improvement."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
"It does not give us permission to implement on-premise so we implement them on the cloud."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"The price has room for improvement."
"It needs integration with a configuration management solution."
NNT Log Tracker Enterprise is ranked 45th in Log Management with 4 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. NNT Log Tracker Enterprise is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of NNT Log Tracker Enterprise writes "Great for PCI compliance but issues with stability and large amounts of data". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". NNT Log Tracker Enterprise is most compared with Cybereason Endpoint Detection & Response, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our NNT Log Tracker Enterprise vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.