We performed a comparison between Splunk Enterprise Security and Zenoss Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The connectivity and analytics are great."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"My favorite example of improving the organization is saving $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"Its compatibility with other SIEMs is very useful."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"The solution is the market leader."
"The integration is seamless with many devices and operating systems."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"The custom-built integration is one of the most valuable features because you can see all the especially critical items."
"The most valuable feature is the flexible discovery mechanism."
"The product offers good documentation that helps with initial training."
"It's easy to use."
"They have also accommodated many state-of-the-art technologies like Docker and ZooKeeper."
"Its Docker Container concept is mind-blowing. It is the first monitoring tool which comes with Docker features."
"What I like most about Zenoss Service Dynamics is that it monitors the devices and gives close to real-time alerts. For example, in case the device is not available, Zenoss Service Dynamics generates an alert so my team can resolve the issue."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"We'd also like a better ticketing system, as the current one is older."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"We will receive alerts only for the administrators and deployment servers, but not for all servers."
"Could be more user-friendly."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"Cybersecurity and infrastructure monitoring have room for improvement."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"If you monitor too much, you can lose performance on your systems."
"It would be ideal if the product offered sound alerts."
"There was a problem with Zenoss and storage monitoring."
"As Zenoss Service Dynamics is more for network-centric devices and you want to monitor, for example, a server, its services, IP addresses, and interfaces, if it's a network and you're going to monitor multiple items, you'll be charged multiple times. This is what Zenoss Service Dynamics needs to improve to make sure that customers pay just one fee to monitor the entire server. What I'd like to see in Zenoss Service Dynamics in the future is a public cloud monitoring feature, particularly for the Azure public cloud. Another additional feature I'd like to see in the next release of the solution is integration with the Azure public cloud because I know that there are some services from Azure that Zenoss Service Dynamics is currently unable to monitor."
"There is room for improvement with the administrative part. They introduced Control Center to manage things in Zenoss 5. The services that Zenoss provides remained the same, but the administrative part, since they introduced Docker, etc., has become a little complex."
"The inclusion of a feature to show a graphical view of the network would be a helpful improvement."
"The AI aspect needs to improve."
"Now it is stable, but they should design threshold parameters in percentage instead of raw values."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews while Zenoss Cloud is ranked 19th in Application Infrastructure with 8 reviews. Splunk Enterprise Security is rated 8.4, while Zenoss Cloud is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zenoss Cloud writes "Generates close to real-time alerts so users can resolve issues, but needs more integration and public cloud monitoring features". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Zenoss Cloud is most compared with Zabbix, Nagios XI, ServiceNow IT Operations Management, ScienceLogic and Oracle Enterprise Manager.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.