We performed a comparison between FileAudit and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The pricing of the product is excellent."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Our customer acquires the complete report which is kept for future auditing purposes."
"It is a good and stable solution...It is a scalable solution."
"Alerting upon file changes is the most valuable aspect of the product."
"It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
"The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"I like the ease with which dashboards can be created."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"The speed of the search engine"
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The solution could be more user-friendly; some query languages are required to operate it."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Whenever someone cuts and paste, it shows as "file is deleted"."
"The DLP function, including installation of the agent on the workstation and controlling the DLP restrictions, are areas where the product lacks."
"The updates management and central management console could be improved."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"It is a hugely complicated product."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"Certain sections of the developer documentation could use some updating and clarification."
"I'd like to see more integration with more antivirus systems."
"It takes time to train people."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
FileAudit is ranked 38th in Security Information and Event Management (SIEM) with 3 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. FileAudit is rated 9.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of FileAudit writes "A scalable SIEM solution for monitoring a user's activity in the file server". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". FileAudit is most compared with ManageEngine File Audit Plus, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our FileAudit vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.