We performed a comparison between Oracle Security Monitoring and Analytics Cloud Service and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The security level that they are maintaining with the pre-authentication keys is very good."
More Oracle Security Monitoring and Analytics Cloud Service Pros →
"The solution has proven to be quite stable."
"The product is adept at log mining."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"Great platform with user-friendly interface and GUI."
"I am satisfied with the support."
"The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The reporting could be more structured."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The AI capabilities must be improved."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The solution could be more user-friendly; some query languages are required to operate it."
"The solution could improve by providing better documentation for beginners to learn, such as videos or other tutorials."
More Oracle Security Monitoring and Analytics Cloud Service Cons →
"The UI could be better. This is applicable to Splunk in general. I know that a lot of people who get their hands on Splunk are hesitant to use it just because they find it overwhelming. There are a lot of options."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
"I have concerns about the architecture as well since I can see it is not very well defined."
"Splunk has a steeper learning curve, making it feel less user-friendly."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
More Oracle Security Monitoring and Analytics Cloud Service Pricing and Cost Advice →
Earn 20 points
Oracle Security Monitoring and Analytics Cloud Service is ranked 43rd in Security Information and Event Management (SIEM) while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews. Oracle Security Monitoring and Analytics Cloud Service is rated 7.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Oracle Security Monitoring and Analytics Cloud Service writes " Easy to install, highly secure standards, and reliable". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Oracle Security Monitoring and Analytics Cloud Service is most compared with AWS Security Hub, LogRhythm SIEM, IBM Security QRadar, Exabeam Fusion SIEM and ArcSight Enterprise Security Manager (ESM), whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.