We performed a comparison between Splunk Enterprise Security and Splunk ITSI (IT Service Intelligence) based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"It's pretty powerful and its performance is pretty good."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The SIEM is the most valuable feature of the product."
"It is very stable. We have not had any problems."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"I like Splunk's data aggregation and search capabilities."
"You can use it to gather syslog messages from anything."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"It gives us the liberty to do more in terms of use cases."
"The solution is the market leader."
"Splunk Episodes are valuable because it correlates and aggregates all the information, and you do not have one million events to look at and triage, so it is quite convenient."
"The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean."
"The feature that stood out to me most from Splunk IT Service Intelligence (ITSI) was automated dashboarding or reporting. The solution lists the severity level of issues, and the response times."
"We have a lot of teams using Splunk and they would be blind without it."
"It's scalable and expands well."
"ITSI's most valuable feature is that it's easy to integrate DLP."
"Splunk ITSI helps us secure our environment by allowing us to create automatons that run when alerts are triggered."
"Alerts and episodes are valuable to me."
"The solution could improve the playbooks."
"We'd like to see more connectors."
"There is room for improvement in entity behavior and the integration site."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The solution could be more user-friendly; some query languages are required to operate it."
"The reporting could be more structured."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
"The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
"The product could be cheaper."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"I would like to see more SIEM functionality and a better ticket tool."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"Could be more user friendly."
"I find that the learning curve for Splunk is relatively lengthy."
"Splunk ITSI lacks out-of-the-box solutions for enterprise users."
"We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable."
"The cost of the license could be lower."
"Some of our customers occasionally require the development of the connectors when there are no native connectors so that we can develop in Python or for customer slash comments as well. If they could adjust that, it would be ideal."
"Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."
"It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs."
"We have problems doing upgrades and operating alternate new versions."
"It could be a little easier to use with the thresholding. We've struggled a little bit with thresholding."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews while Splunk ITSI (IT Service Intelligence) is ranked 5th in IT Alerting and Incident Management with 27 reviews. Splunk Enterprise Security is rated 8.4, while Splunk ITSI (IT Service Intelligence) is rated 8.0. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Splunk ITSI (IT Service Intelligence) writes "Provides a unified view of alerts and supports heat maps and glass tables for visualization and monitoring". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Splunk ITSI (IT Service Intelligence) is most compared with ServiceNow IT Operations Management, Grafana, Dynatrace, BMC TrueSight Operations Management and Splunk APM. See our Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) report.