We performed a comparison between Splunk Enterprise Security and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The analytic rule is the most valuable feature."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It has basic out-of-the-box integrations with multiple log sources."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"To get visibility from your network devices, servers, and security devices is a great feature."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"It helps us uncover bottlenecks in the network."
"Splunk has machine learning which is a valuable feature."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"In the past we used the different application to collect logs. We used SurfWatch and VMware to do so. But, we found that the Splunk has more capacity to do more in less time. They provide a aster speed to index all the events , and this is a huge asset."
"You can use it to gather syslog messages from anything."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The most valuable features include predefined use cases and threatening states."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The on-prem log sources still require a lot of development."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"We are invoiced according to the amount of data generated within each log."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The troubleshooting has room for improvement."
"The product was difficult to back up the first time."
"Splunk has a steeper learning curve, making it feel less user-friendly."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"The solution could improve by giving more email details."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"Configuring a few apps is complex, not straightforward."
"Splunk is more expensive than other solutions."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"It should have more cloud connectors. It could also be cheaper."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"Integrations could be improved, and the dashboard could be a little better."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. Splunk Enterprise Security is rated 8.4, while Trellix Helix is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Trellix Helix is most compared with LogRhythm SIEM, Trellix ESM, IBM Security QRadar, USM Anywhere and Palo Alto Networks Cortex XSOAR. See our Splunk Enterprise Security vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.