We performed a comparison between Splunk Enterprise Security and Yellowfin based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The pricing of the product is excellent."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The Log analytics are useful."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The ability to ingest different log types from many different products in our environment is most valuable."
"The solution has proven to be quite stable."
"Splunk Enterprise Security comes with 300 pre-deployed use cases that can be easily customized to meet the specific needs of our organization, without the need to purchase additional tools."
"Being able to track impossible travel logins and things of that nature is valuable. We can track user logins from various IPs, various countries, and at various times to see if everything adds up."
"This solution helps us increase our productivity."
"The data representation options in the dashboards are excellent."
"The ability to ingest any data and display it in a way that anyone can understand."
"The product provides visibility and enables us to correlate data and generate alerts."
"It is a central source of up-to-date data and information."
"It reduces time to reproduce reports, provides easy access to organisational data, and has the ability to generate a wide range of reports and analysis."
"It is able to create information dashboards for various users throughout."
"There is room for improvement in entity behavior and the integration site."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The only thing is sometimes you can have a false positive."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment, whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The security can be improved."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
"Their technical support sucks."
"The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."
"I would like to see more SIEM functionality and a better ticket tool."
"It needs more presentation/charting capabilities and integration with GIS."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews, while Yellowfin is ranked 36th in BI (Business Intelligence) Tools. Splunk Enterprise Security is rated 8.4, while Yellowfin is rated 8.0. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Yellowfin writes "Very scalable design and easy to implement. It can reside alongside more complex enterprise systems". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Yellowfin is most compared with Microsoft Power BI, Apache Superset, 9 Spokes and Tableau.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.