We performed a comparison between Splunk Enterprise Security and VMware Aria Operations for Applications based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The machine learning and artificial intelligence on offer are great."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The features that stand out are the detection engine and its integration with multiple data sources."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Its compatibility with other SIEMS is very useful."
"In the past we used the different application to collect logs. We used SurfWatch and VMware to do so. But, we found that the Splunk has more capacity to do more in less time. They provide a aster speed to index all the events , and this is a huge asset."
"The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well."
"You can use it to gather syslog messages from anything."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"From the class that I took this week, being able to create notable events from whatever you find in the data set is pretty useful."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The solution is stable and reliable."
"No issues with stability."
"The solution is great for virtualization and preparing the infrastructure in Tanzu to test products. It's very fast and has good visibility."
"This solution allows me to have true visibility for any metrics when it comes to my cloud, and private."
"VMware comes with a support team, and if you have trouble, you can easily create a ticket, and VMware will help you. Therefore, the best aspect is the support."
"Tanzu itself, integrated with multiple solutions, bestows support and security upon a container platform, especially when it comes to managing open-source container platforms such as Kubernetes."
"The most valuable aspects of the solution are its ease of use and its ease of implementation."
"For us, the ease of deployment in combination with TMZ was the most important part because we don't have to manually deploy a complex monitoring solution. We can more or less do that with the click of a button, and we are not dependent on the developers to provide us with all the necessary features and functions to make that work. We can just deploy it on a workload cluster and monitor at least a good part of the workload. If we want to go into detail, we clearly need to make changes, but for a good part of application monitoring, it gives us good insights."
"The features I find most valuable is the querying and alerting capabilities."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The only thing is sometimes you can have a false positive."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"We usually have to follow up with technical support on our open cases."
"The configuration could be better."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
"The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
"The price has room for improvement."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"They could make it more easy to plug-in data so that a nontechnical person will be able to use it, like accountants or finance people. That way they don't have to ask us."
"The documentation and integration with Kubernetes could be improved."
"The initial setup should be easier and more seamless."
"It could use a URL document server. Everything in the market is moving towards automation and everybody's looking for the single click operations as well relational data locality."
"I would like to see integration with Kubernetes cluster and APIs so that you can manage the entire stack."
"The main problem I have is that the license cost is very high."
"In the new version, I would love to see more prediction capabilities. It would be great if one could see the alerts get a little more enriched with information and become more human-friendly instead of the technical stuff that they put in there. I think those would be really awesome outcomes to get."
"The implementation is a long process that should be improved."
More VMware Aria Operations for Applications Pricing and Cost Advice →
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews while VMware Aria Operations for Applications is ranked 27th in Cloud Monitoring Software with 9 reviews. Splunk Enterprise Security is rated 8.4, while VMware Aria Operations for Applications is rated 7.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of VMware Aria Operations for Applications writes "Easy to deploy, worth the money, and helpful for uptime monitoring and performance insights". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas VMware Aria Operations for Applications is most compared with Dynatrace, Grafana, Datadog, Zabbix and Amazon CloudWatch. See our Splunk Enterprise Security vs. VMware Aria Operations for Applications report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
