2021-08-30T13:01:00Z
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
  • 1
  • 164

What is a better choice, Splunk or Azure Sentinel?

Why?

1
PeerSpot user
1 Answer
Real User
Top 5
2021-09-01T19:24:21Z
Sep 1, 2021

It would really depend on (1) which logs you need to ingest and (2) what are your use cases


Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log volume increases. Splunk is good for operations style use cases (NOC), but requires ESS and isn't as easy to use or get data out of for SOC style use cases.


Sentinel is good for endpoint Windows Defender Advanced Edition (extra cost, not the free version), analysis and malware findings, and when the data sources are all Windows events (O365/OneDrive/Email/ADFS), but costs go up substantially if the log sources aren't Microsoft events, and support for non-MSFT log sources is limited.


Neither offers real UEBA capabilities IMO.


Splunk has the add-on (entirely different architecture and systems), for the Caspida UEBA.


MSFT will tout UEBA on Sentinel, but it's endpoint related (not network) and I've yet to see use cases on non-MSFT application data events.

Find out what your peers are saying about Microsoft Sentinel vs. Splunk and other solutions. Updated: November 2022.
655,711 professionals have used our research since 2012.
Product comparison that may be of interest to you
Related Questions
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Jan 20, 2022
Hi dear professionals, How would you compare Securonix and Splunk as a SIEM enterprise solution? 
See 1 answer
Manoj Gautam - PeerSpot reviewer
Practice Lead- Network & Info Security at Inknowtech
Jan 20, 2022
I believe when we built a solution for any customer SOC environment, we need to take a survey of running equipment, their IoS and our product should compatible with their resources , APIs , third party integration, log management and the reporting mechanism should be good enough to understand each and every security aspects.  There are multiple tools are available for the comparison of different SIEM enterprise solution. As per my experience, splunk and arcsight is compatible for most of the customer environment, even though devices are not updated.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 26, 2021
Why?
See 2 answers
Nov 24, 2021
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will always have the performance capability you need. If you have Microsoft 365, it is very easy to plug the endpoints into Azure Sentinel. With this solution, you can go on the offensive and stay proactive, continually hunting for threats. Azure Sentinel is purely cloud-based and a leading next-generation SIEM. We have experienced a few false positives with Azure Sentinel. There is a certain level of expertise that you need to possess to appropriately utilize all of Azure Sentinel's offerings - it can be a somewhat steep learning curve to get things running at capacity. It would be an improvement if Azure Sentinel integrated better with other SaaS providers and offered more out-of-the-box connectors. You get a huge range of powerful security tools with AWS Security Hub, including compliance scanners, vulnerability endpoint protection, and firewalls. AWS Security Hub has very good detection and offers helpful real-time alerts. AWS Security Hub aggregates, organizes, and prioritizes security alerts or findings from other AWS services, all in one single pane. AWS Security Hub lacks a certain level of self-sufficiency, though. We would like to see AWS Security Hub become a multi-cloud solution. AWS Security Hub has some regional restrictions that have proved problematic for us; we need visibility for all instances we have on our account. We found that AWS Security Hub is not a good global product. Conclusion: We felt AWS was lacking in some basic features we consider essential, like multi-region coverage. We also wanted a solution that was more intuitive. We found Azure Sentinel to be a better fit for our team and our clients. We have a global reach and need a product that could satisfy cross-region coverage efficiently. We also feel that Azure Sentinel offers better proactive threat awareness.
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Nov 26, 2021
Hi @Netanya Carmi ​, Had prepared some comparison factors between AWS and Azure for one of my presales discussions, hope this will hold some insights .So depending on the requirements from the client appropriate solutions can be proposed. Widely Azure Sentinel is what has be going of matching the customer requriements. AI and machine learning AWS service Azure service Description SageMaker Machine Learning A cloud service to train, deploy, automate, and manage machine learning models. Alexa Skills Kit Bot Framework Build and connect intelligent bots that interact with your users using text/SMS, Skype, Teams, Slack, Microsoft 365 mail, Twitter, and other popular services. Lex Speech Services API capable of converting speech to text, understanding intent, and converting text back to speech for natural responsiveness. Lex Language Understanding (LUIS) Allows your applications to understand user commands contextually. Polly, Transcribe Speech Services Enables both Speech to Text, and Text into Speech capabilities. Rekognition Cognitive Services Computer Vision: Extract information from images to categorize and process visual data. Face: Detect, identify, and analyze faces and facial expressions in photos. Skills Kit Virtual Assistant The Virtual Assistant Template brings together a number of best practices we've identified through the building of conversational experiences and automates integration of components that we've found to be highly beneficial to Bot Framework developers. Big data and analytics AWS service Azure service Description Redshift Synapse Analytics Cloud-based Enterprise Data Warehouse (EDW) that uses Massively Parallel Processing (MPP) to quickly run complex queries across petabytes of data. Lake Formation Data Share A simple and safe service for sharing big data Big data processing AWS service Azure service Description EMR Azure Data Explorer Fully managed, low latency, distributed big data analytics platform to run complex queries across petabytes of data. EMR Databricks Apache Spark-based analytics platform. EMR HDInsight Managed Hadoop service. Deploy and manage Hadoop clusters in Azure. EMR Data Lake Storage Massively scalable, secure data lake functionality built on Azure Blob Storage. Data orchestration / ETL AWS service Azure service Description Data Pipeline, Glue Data Factory Processes and moves data between different compute and storage services, as well as on-premises data sources at specified intervals. Create, schedule, orchestrate, and manage data pipelines. Glue Azure Purview A unified data governance service that helps you manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Dynamo DB Table Storage, Cosmos DB NoSQL key-value store for rapid development using massive semi-structured datasets. Analytics and visualization AWS service Azure service Description Kinesis Analytics Stream Analytics Storage and analysis platforms that create insights from large quantities of data, or data that originates from many sources. Azure Data Explorer Data Lake Analytics Data Lake Store QuickSight Power BI Business intelligence tools that build visualizations, perform ad hoc analysis, and develop business insights from data. CloudSearch Cognitive Search Delivers full-text search and related search analytics and capabilities. Athena Data Lake Analytics Provides a serverless interactive query service that uses standard SQL for analyzing databases. Azure Synapse Analytics Azure Synapse Analytics is a limitless analytics service that brings together data integration, enterprise data warehousing, and big data analytics. It gives you the freedom to query data on your terms, using either serverless or dedicated resources at scale. Elasticsearch Service Elastic on Azure Use the Elastic Stack (Elastic, Logstash, and Kibana) to search, analyze, and visualize in real time. Database Type AWS Service Azure Service Description Relational database RDS SQL Database Managed relational database services in which resiliency, scale and maintenance are primarily handled by the Azure platform. Database for MySQL Database for PostgreSQL Database for MariaDB Serverless relational database Amazon Aurora Serverless Azure SQL Database serverless Database offerings that automatically scales compute based on the workload demand. You're billed per second for the actual compute used (Azure SQL)/data that's processed by your queries (Azure Synapse Analytics Serverless). Serverless SQL pool in Azure Synapse Analytics NoSQL/ DynamoDB Cosmos DB Cosmos DB is a globally distributed, multi-model database that natively supports multiple data models including key-value pairs, documents, graphs and columnar. Document SimpleDB Amazon DocumentDB Caching ElastiCache Cache for Redis An in-memory–based, distributed caching service that provides a high-performance store typically used to offload nontransactional work from a database. Database migration Database Migration Service Database Migration Service A service that executes the migration of database schema and data from one database format to a specific database technology in the cloud.
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
May 2, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top 8 Log Management Tools to help you d...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Sep 24, 2021
What is Azure Sentinel? Azure Sentinel is Microsoft’s cloud-native security information and event management (SIEM) AND security orchestration automated response (SOAR) solution all in one! It brings together the latest in security innovation and advanced AI to provide near real-time intelligent security analytics for a bird’s-eye view over your entire enterprise’s IT estate. With ...
Moderator
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Real User
ExpertModerator
Product Comparisons
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
May 2, 2022
Top 8 Log Management Tools 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Sep 24, 2021
Azure Sentinel Deployment - Best Practices
What is Azure Sentinel? Azure Sentinel is Microsoft’s cloud-native security informatio...
Download Free Report
Download our FREE report comparing Microsoft Sentinel and Splunk based on reviews, features, and more! Updated: November 2022.
DOWNLOAD NOW
655,711 professionals have used our research since 2012.