We performed a comparison between Splunk Cloud Platform and Sumo Logic Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The connectivity and analytics are great."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The most valuable feature of Splunk Cloud is the quick setup."
"The most valuable feature of Splunk Cloud Platform is the alerting feature."
"Its monitoring is completely automated."
"The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go."
"Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable."
"It's made searching for data easier. Users like it. We're still in the migration process, but overall, it's a lot easier to use."
"Dashboards and alerting are the most valuable features. The dashboards let us see how the system looks in terms of anomalies, and the alerts trigger us to go and look at what possible problems are happening."
"The most valuable feature for me is the flexibility of being able to send the log to the https endpoint."
"The solution is quite stable."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"We can integrate threat intelligence solutions into the product."
"We are able to diagnose problems before our customers."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"I would like to be able to monitor applications outside of the Azure Cloud."
"We'd like also a better ticketing system, which is older."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The solution could be more user-friendly; some query languages are required to operate it."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use."
"Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved."
"Splunk should offer various options for real-time monitoring."
"Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly."
"They need to provide more training options."
"The dashboards should be easier to customize."
"It needs to mature; it's just getting established in the industry on a wider scale."
"The training models can only be accessed for 30 days, even if it is paid training."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"The initial setup is the most stressful, like learning how to use it."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
"The solution should improve its UI."
"Sumo Logic Security is expensive, and its pricing could be improved."
Splunk Cloud Platform is ranked 3rd in Data Visualization with 34 reviews while Sumo Logic Security is ranked 17th in Security Information and Event Management (SIEM) with 18 reviews. Splunk Cloud Platform is rated 8.0, while Sumo Logic Security is rated 8.6. The top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, AppInsights, Check Point Security Management and Fortinet FortiAnalyzer, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and IBM Security QRadar.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
