We performed a comparison between ManageEngine Log360 and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The features that stand out are the detection engine and its integration with multiple data sources."
"It has a lot of great features."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"You can have all of the logs from servers to network and it gets sent out to the correct owners. This is very helpful."
"The product is very user-friendly."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"We haven't had any stability issues."
"The Sharecon feature is the most valuable."
"The solution could be improved by including XDR, remediation and Sandbox."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"It can explain to management what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
"Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform."
"The solution has made us more secure."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"The level of robustness on offer is very good."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"We'd like to see more connectors."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The graphical interface could be made easier to use when you are connecting to different network equipment."
"Most times log sheets are not assigned well."
"The support needs improvement."
"We can log in as a local user, and it's fine, but when we log in with an Active Directory user, we cannot."
"On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostic purposes. However, both being encrypted would be very valuable for some audits."
"It is not expensive compared to other solutions."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
"The matter of the data retention needs to be addressed."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"Our two main complaints are about the difficulty of the initial setup and the licensing model."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
"You do need a lot of training and certification with this product."
"Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
"The presence of multiple layers creates a significant challenge for monitoring across cloud environments."
ManageEngine Log360 is ranked 27th in Log Management with 15 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. ManageEngine Log360 is rated 7.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Fortinet FortiSIEM, SolarWinds Security Event Manager and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our ManageEngine Log360 vs. Splunk Enterprise Security report.