Try our new research platform with insights from 80,000+ expert users

Rapid7 InsightIDR vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 InsightIDR
Ranking in Security Information and Event Management (SIEM)
14th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
32
Ranking in other categories
User Entity Behavior Analytics (UEBA) (5th), Endpoint Detection and Response (EDR) (25th), Threat Deception Platforms (5th), Extended Detection and Response (XDR) (16th)
Splunk Enterprise Security
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
315
Ranking in other categories
Log Management (2nd), IT Operations Analytics (1st)
 

Mindshare comparison

As of July 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Rapid7 InsightIDR is 2.6%, down from 2.6% compared to the previous year. The mindshare of Splunk Enterprise Security is 9.4%, down from 12.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Q&A Highlights

Navin Rehnius - PeerSpot reviewer
Aug 10, 2021
 

Featured Reviews

Asim Naeem - PeerSpot reviewer
Providing comprehensive insight into alerts while working towards AI enhancement
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The web interface is great — very useful and user-friendly."
"Features for user behavior analytics and the rules for attack review are good."
"I like that it's a cloud-based solution."
"​​User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"I rate Rapid7 nine out of 10 for affordability"
"The stability of Splunk Enterprise Security is very impressive; it is a very stable product."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"The indexing and data collection are valuable."
"The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
"It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query on Splunk. The resolution time is about the same, but it took longer to discover the issue with ArcSight. Our previous solution took about an hour or more, but Splunk can do it within a few minutes or an hour at most."
"The risk-based alerting is excellent."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"Splunk Enterprise Security quickly gives us a view of an endpoint or a user or identity. If I want to look for an identity or an asset, I just quickly go into Splunk Enterprise Security. I know where to go and get a quick analysis for a respective object."
 

Cons

"Needs a better ability to customize the check within the console."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"The dashboard is an area that could be simplified."
"The main problem lies in the processes within the client's operating systems."
"There are certain limitations with Rapid7 that I am working on."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​"
"They should add more configuration and security features to it."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"Improving the infrastructure behind Splunk Enterprise Security is vital—enhanced cores, CPUs, and memory should be prioritized to support better processing power. When we execute heavy, resource-intensive queries over long periods, the performance dips."
"The UI can be difficult to understand for non-technical people."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"The product must improve insider threat detection."
"The user interface is not user-friendly for non-technical users."
"Licensing costs can be a barrier for those with limited budgets."
"Although the technical support is adequate, there is still room for improvement."
"The Splunk platform is not unified. We have all of these different tools and they feel a bit disjointed."
 

Pricing and Cost Advice

"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
"​Accurately predict your licensing counts as this is a subscription based product.​"
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"The pricing is good, and it is not very expensive."
"It is a reasonably priced solution."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"Splunk is costly but it’s worth it due to the high-end features."
"I assume that the pricing is reasonable, because if it was too costly, there are other alternatives."
"Splunk Enterprise Security is a worthwhile investment given the comprehensive range of features it offers."
"Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app."
"We have seen ROI and improvements as we have continued to use the product, but they are more reactive."
"The price of Splunk is reasonable."
"Splunk has always been on the expensive side."
"Splunk is definitely not a cheap solution. It is an expensive product."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
859,957 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Answers from the Community

Navin Rehnius - PeerSpot reviewer
Aug 10, 2021
Aug 10, 2021
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source. If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They a...
2 out of 12 answers
KM
Jul 26, 2021
I haven't used these big-name ones like Splunk etc. but I feel they're overpriced. I think they charge an arm and a leg for each module. The ROI justification is not there. Why not try a cheaper and robust alternative like Elasticsearch?
KA
Jul 26, 2021
We are using LogRthythm SIEM complete case management and offer SIEM/SOC as service.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
8%
Manufacturing Company
8%
Government
6%
Computer Software Company
15%
Financial Services Firm
14%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about Rapid7 InsightIDR?
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
What do you like most about Splunk?
There are a lot of third-party applications that can be installed.
 

Also Known As

InsightIDR
No data available
 

Overview

 

Sample Customers

Liberty Wines, Pioneer Telephone, Visier
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Rapid7 InsightIDR vs. Splunk Enterprise Security and other solutions. Updated: June 2025.
859,957 professionals have used our research since 2012.