We performed a comparison between Splunk Enterprise Security and Zenoss Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"We have no complaints about the features or functionality."
"The features that stand out are the detection engine and its integration with multiple data sources."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"You can use it to gather syslog messages from anything."
"Splunk is a user-friendly solution."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The alerts are very effective."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"There are lots of free learning materials on their website."
"The product offers good documentation that helps with initial training."
"The custom-built integration is one of the most valuable features because you can see all the especially critical items."
"Its Docker Container concept is mind blowing. It is the first monitoring tool which comes with Docker features."
"The most valuable feature is the flexible discovery mechanism."
"They have also accommodated many state-of-the-art technologies like Docker and ZooKeeper."
"What I like most about Zenoss Service Dynamics is that it monitors the devices and gives close to real-time alerts. For example, in case the device is not available, Zenoss Service Dynamics generates an alert so my team can resolve the issue."
"It's easy to use."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The solution could improve the playbooks."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"There is room for improvement in entity behavior and the integration site."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"It is a hugely complicated product."
"More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"I'd like to see more integration with more antivirus systems."
"This is not really a monitoring solution."
"Most of my interaction is with the user community, which is how Splunk wants it. When I need help, that community is very hit or miss."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"Some of the queries are difficult to run and have room for improvement."
"There was a problem with Zenoss and storage monitoring."
"There is room for improvement with the administrative part. They introduced Control Center to manage things in Zenoss 5. The services that Zenoss provides remained the same, but the administrative part, since they introduced Docker, etc., has become a little complex."
"The AI aspect needs to improve."
"As Zenoss Service Dynamics is more for network-centric devices and you want to monitor, for example, a server, its services, IP addresses, and interfaces, if it's a network and you're going to monitor multiple items, you'll be charged multiple times. This is what Zenoss Service Dynamics needs to improve to make sure that customers pay just one fee to monitor the entire server. What I'd like to see in Zenoss Service Dynamics in the future is a public cloud monitoring feature, particularly for the Azure public cloud. Another additional feature I'd like to see in the next release of the solution is integration with the Azure public cloud because I know that there are some services from Azure that Zenoss Service Dynamics is currently unable to monitor."
"Now it is stable, but they should design threshold parameters in percentage instead of raw values."
"The inclusion of a feature to show a graphical view of the network would be a helpful improvement."
"It would be ideal if the product offered sound alerts."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while Zenoss Cloud is ranked 20th in Application Infrastructure with 8 reviews. Splunk Enterprise Security is rated 8.4, while Zenoss Cloud is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zenoss Cloud writes "Generates close to real-time alerts so users can resolve issues, but needs more integration and public cloud monitoring features". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Zenoss Cloud is most compared with Zabbix, Nagios XI, ServiceNow IT Operations Management, ScienceLogic and Amazon CloudWatch.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.