We performed a comparison between ManageEngine Log360 and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The analytic rule is the most valuable feature."
"The pricing of the product is excellent."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"You can have all of the logs from servers to network and it gets sent out to the correct owners. This is very helpful."
"The Sharecon feature is the most valuable."
"It is nice to be able to monitor and to have notifications."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"The deployment is quite simple and pretty straightforward."
"We haven't had any stability issues."
"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"Support is quick and competent."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"You can integrate Splunk with third-party security automation solutions and set rules for automatic response."
"It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
"The initial setup is really straightforward. It's one of the easiest installations."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
"The reporting could be more structured."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The solution should allow for a streamlined CI/CD procedure."
"I think the number one area of improvement for Sentinel would be the cost."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
"The matter of the data retention needs to be addressed."
"The support needs improvement."
"On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostical purposes. However, both being encrypted would be very valuable for some audits."
"The solution lacks some features when compared to other products."
"The integration with SharePoint and Teams should be improved."
"The solution needs to improve hub storage. It should integrate AI and ML capabilities."
"Their technical support should be improved."
"We'd like Splunk to reduce false positives."
"Splunk Enterprise Security should provide a better and richer integration."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"It is a hugely complicated product."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"In the next releases, I would like to see more pricing flexibility."
ManageEngine Log360 is ranked 27th in Log Management with 15 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. ManageEngine Log360 is rated 7.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Fortinet FortiSIEM, SolarWinds Security Event Manager and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our ManageEngine Log360 vs. Splunk Enterprise Security report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.