We performed a comparison between Splunk Enterprise Security and Splunk ITSI (IT Service Intelligence) based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"If you know how to do KQL (Kusto Query Language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The connectivity and analytics are great."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"Easy to deploy and simple to use."
"Search language is easy to understand and teach to new users."
"Integrity with many vendors: This simplifies the implementation and integration with different devices."
"It has a big user base, so the community is useful."
"I like the ease with which dashboards can be created."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes."
"Our mean time to detect is down to five minutes."
"The root cause analysis is very helpful for us."
"One particularly useful feature of Splunk ITSI is the ability to create custom services."
"I find the episode review, glass tables, and correlation search features very useful."
"The feature that stood out to me most from Splunk IT Service Intelligence (ITSI) was automated dashboarding or reporting. The solution lists the severity level of issues, and the response times."
"Splunk ITSI helps us secure our environment by allowing us to create automations that run when alerts are triggered."
"The observability is great and valuable."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring were available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"There is room for improvement in entity behavior and the integration site."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The solution should allow for a streamlined CI/CD procedure."
"The upgrading process could be smoother."
"Splunk Enterprise Security can provide more details and help CISOs resolve vulnerability situations better. The reason is that the tools we choose for data analysis and log collection cannot collect all the data and logs. Splunk Enterprise Security should help me with this, but it cannot."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"The integration could be a bit better. They charge for certain integrations."
"I'd like to see more integration with more antivirus systems."
"The case management area of the ES could be improved: the ability to move cases through various stages and states. The ability to close a case would be a key improvement."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
"I believe the refresh time should be faster."
"The cost of the license could be lower."
"We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time."
"The dashboard queries should be improved. More queries should be suggested in order to produce better dashboards."
"The end-to-end visibility in Splunk ITSI is limited and has room for improvement."
"The license cost is expensive."
"Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."
"It is pretty okay. I am not sure whether the current release has already moved to the new framework where instead of the glass tables, we can directly use the Dashboard Studio. It would be nice to have that integrated into the same framework."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Splunk ITSI (IT Service Intelligence) is ranked 5th in IT Alerting and Incident Management with 30 reviews. Splunk Enterprise Security is rated 8.4, while Splunk ITSI (IT Service Intelligence) is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Splunk ITSI (IT Service Intelligence) writes "Helps improve our incident response time, and our mean time to resolve, but visibility is limited". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Splunk ITSI (IT Service Intelligence) is most compared with ServiceNow IT Operations Management, Grafana, Dynatrace, Splunk APM and Elastic Observability. See our Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.