We performed a comparison between Splunk Enterprise Security and WhatsUp Gold based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The pricing of the product is excellent."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The machine learning and artificial intelligence on offer are great."
"In the past we used the different application to collect logs. We used SurfWatch and VMware to do so. But, we found that the Splunk has more capacity to do more in less time. They provide a aster speed to index all the events , and this is a huge asset."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"I really like the user interface and how it works."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"The most valuable feature of WhatsUp Gold is NetFlow and the virtualized maps."
"We no longer have to manually search for problems because we are alerted when something in the network goes down."
"The interactive mapping interface for scrolling, zooming, and drilling down on an element to learn about a network issue is good. When we see a network there will sometimes be a spot that has one link. You can go into a particular part of the topology map, scroll in, and see exactly which module it is."
"The most valuable features are network bandwidth monitoring and monitoring device health."
"The user interface is good enough."
"It is easy to access and discover devices, as well as monitor them automatically. The topology discover is also a useful feature."
"I use it on premises to monitor my network database. We monitor the link up/down and use the SNMP traps as well."
"The product is reasonably priced."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"I think the number one area of improvement for Sentinel would be the cost."
"The playbook is a bit difficult and could be improved."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"It needs more formatting control without having to be an admin."
"The solution could improve by giving more email details."
"Their technical support sucks."
"Writing queries is a bit complicated sometimes."
"Missing capability for audio/video and image processing."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
"I find that the learning curve for Splunk is relatively lengthy."
"You have to invest a few days to become an expert in this solution."
"The pricing for this solution has gone up quite recently, which has led some of our customers to buy an alternative product."
"Importing the maps and being able to customize them could be easier."
"I might like to see a better interface in the future."
"I think there are a few bugs now. Although they give some resolution for this, we cannot share the network remotely because of our company policy."
"One of the biggest things that made us start to look at another product is we're not able to have an end to end monitoring from a user perspective throughout the system and back to the user. All the monitoring is from inside out, we need something that also can give us from outside in."
"Users want SMS available via Whatsapp Gold. They don't want to go through third party SMS servers. The solution should work to make this possible."
"I would like to see better integration with switches so that you can see what is connected to each port, what the traffic is, and have a network map automatically generated."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews while WhatsUp Gold is ranked 36th in Application Performance Monitoring (APM) and Observability with 22 reviews. Splunk Enterprise Security is rated 8.4, while WhatsUp Gold is rated 7.8. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of WhatsUp Gold writes "If CPU, memory, or disk space is over-utilized, it alerts us immediately via text or email if there is an issue". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas WhatsUp Gold is most compared with SolarWinds NPM, Zabbix, Grafana, PRTG Network Monitor and Centreon. See our Splunk Enterprise Security vs. WhatsUp Gold report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.