We performed a comparison between Logsign Next-Gen SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"It's pretty powerful and its performance is pretty good."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The Log analytics are useful."
"The most valuable features of Logsign SIEM are its cloud capabilities, alerting functionality, integration with Elastic Search, and configuration options."
"Logsign provides sample logs within the product, allowing users to see how logs will appear before integration, which is a valuable feature for testing and understanding log formats."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
"Splunk is stable, and this is why many customers want it."
"it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
"I like Splunk's data aggregation and search capabilities."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"I like the Splunk dashboard and search engine."
"The indexing and data collection are valuable."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Sentinel's reporting is complex and can be more user-friendly."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"We'd like to see more connectors."
"I hope they address the pricing model for Logsign Next-Gen SIEM, especially regarding regional variations. The pricing should not differ based on the country of operation as it can lead to dissatisfaction among customers. A fixed pricing structure would be more favorable for us. I would also suggest enhancing the GUI interface and adding features similar to xFi Exchange from IBM Pure. This would streamline operations and save time for analysts."
"Improvements needed in Logsign SIEM are providing specific security alerts that can be filtered and configured more effectively."
"It needs integration with a configuration management solution."
"This is a costly solution."
"I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."
"The configuration could be better."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier."
"The product must improve insider threat detection."
Logsign Next-Gen SIEM is ranked 39th in Security Information and Event Management (SIEM) with 3 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Logsign Next-Gen SIEM is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Logsign Next-Gen SIEM writes "Easy to use and find the features that you need". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Logsign Next-Gen SIEM is most compared with Grafana Loki, Wazuh, IBM Security QRadar and Logpoint, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Logsign Next-Gen SIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
