We performed a comparison between Splunk Enterprise Security and Splunk On-Call based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The UI-based analytics are excellent."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The pricing of the product is excellent."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The machine learning and artificial intelligence on offer are great."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great."
"Ease of correlation: creating correlation searches is easy, and you can combine multiple sources with little effort."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"The most valuable features are how stable and easy to use Splunk is."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow, then you have your own SIEM."
"Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."
"The alert calling feature is the best because notifications are delivered via phone messages."
"The Transmogrifier and automatic solution report give me a report with the solution and the way to solve issues when an error occurs."
"The most valuable feature of the solution is helpdesk escalation."
"The flexible schedule is the most valuable feature. It was very easy to set out a rotation."
"VictorOps has been good enough for us and it's effective for our needs in case of an on-call escalation process."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"One key area that can be improved is by building a strong integration with our XDR platform."
"There is room for improvement in entity behavior and the integration site."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
"The solution could use a different licensing model."
"Better directions on search head clusters."
"An improved user interface along with multi-tenancy support would be beneficial."
"Having a trial version or more training on Splunk would be helpful."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"Should have more YouTube webinars."
"There could be improvements with communicating an incident or alert."
"The solution can be improved by including a wider list of permissions."
"At that stage, all our needs are fulfilled, but at the beginning, we had some feature requests and they were deployed during their roadmap."
"The third-party configuration tool could be easier to use."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews, while Splunk On-Call is ranked 8th in IT Alerting and Incident Management with 10 reviews. Splunk Enterprise Security is rated 8.4, while Splunk On-Call is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Splunk On-Call writes "Allows us to create flexible schedules for on-call rotations". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Splunk On-Call is most compared with PagerDuty Operations Cloud, Opsgenie, New Relic, Everbridge IT Alerting and xMatters.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.