We performed a comparison between RSA enVision and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The Log analytics are useful."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The automation feature is valuable."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The most valuable feature of Splunk is the management and built-in workflows."
"Splunk is stable, and this is why many customers want it."
"The most valuable feature is the custom dashboard feature."
"Compared to IBM QRadar, Splunk Enterprise Security offers faster alert resolution."
"The speed of the search engine"
"What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"I would like to be able to monitor applications outside of the Azure Cloud."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The troubleshooting has room for improvement."
"I would like to see more AI used in processes."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The solution should allow for a streamlined CI/CD procedure."
"The integration could be easier, it should support more products."
"In general, the solution currently isn't user-friendly."
"RSA enVision log manager is out of date and is not in use anymore."
"Sometimes, there is latency in the logs."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
"We had some connections issues with the solution at the beginning."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
"Technical support needs to be more responsive."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"They should make data onboarding easier."
RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews. RSA enVision is rated 6.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". RSA enVision is most compared with NetWitness Platform and IBM Security QRadar, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.