We performed a comparison between Splunk Enterprise Security and vRealize Network Insight based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The level of robustness on offer is very good."
"The SIEM is the most valuable feature of the product."
"Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"The most valuable feature of Splunk is the management and built-in workflows."
"I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
"It has virtual visualization, and other products do not."
"I find it user-friendly and intuitive. With the GUI interface that we do use on a regular basis, it's easy to navigate, it's easy to see, easy to query. We get reports. It's easy to use."
"It is user-friendly. It's pretty simple to deploy and to run. It gives you pretty easy-to-understand reports, very graphically intense, so you can visualize what's going on in your network."
"It's very user-friendly in the sense that the querying is just regular language like you and I speak or write. You don't need to know any SQL-query type of language to be able to get what you want out of it."
"It's a very powerful, very manageable product."
"It gives the visibility that was either broken or there in pieces only. This solution provides a unified view of the whole system, back and forth. It has helped to reduce time to value, increase performance, more easily manage networks, and provide deep visibility."
"compare-to-competition; I would recommend the product. I don't think there is any other product like this on the market right now."
"The best feature of this application is its ability to capture everything within the same application, as well as capture all the traffic."
"The tool's ease of configuration and use and the availability of information and artifacts through professional services and the web are key factors that customers find valuable."
"I would like to be able to monitor applications outside of the Azure Cloud."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The troubleshooting has room for improvement."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"AngularJS/ReactJS inclusion could be made easier in GUI."
"The solution could use a different licensing model."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."
"The support that is included with the standard licensing fee is very bad."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The only reason I would not give it a nine or a 10 is for cost reasons. It seems to be one of those things that really belongs as part of the product inherently and not as an add-on. That would be my only concern."
"I would like to see more reporting features, more dashboards."
"The only issue we have is that the solution does not always capture the host names."
"While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices."
"The compatibility with each and every component of the infrastructure is the main thing that I am looking for. I would like them to make sure that it's compatible with different kinds of storage systems, etc. I have seen the compatibility list. I feel it can be more compatible than it is right now."
"I want to see more in terms of microsegmentation. As of now, I can see the rules, but they are not in a readable format that I can convert to microsegmentation and can fit into NSX Manager."
"vRNI needs more remediation where it hooks into NSX."
"If it were more application-aware, more descriptive; if it were able to determine the application that is actually doing the communication, that would be easier. More application information: which user or account it's accessing, is it accessing this application, doing these calls, if it is accessing a script, what script is it accessing. Things like that would provide deeper analytics so I can track what's going on. It would not just be, "These people shouldn't be talking," but who is actually doing these calls."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews while vRealize Network Insight is ranked 24th in IT Infrastructure Monitoring with 44 reviews. Splunk Enterprise Security is rated 8.4, while vRealize Network Insight is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of vRealize Network Insight writes "Provides deep analytical insights and makes migrations efficient with dependency mapping". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas vRealize Network Insight is most compared with ThousandEyes, NETSCOUT vSTREAM, VMware Aria Operations for Applications, Zabbix and Cisco Secure Network Analytics.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.