We performed a comparison between AWS Security Hub and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"We have no complaints about the features or functionality."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Very good at detection and providing real-time alerts."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"I find all of the features to be highly valuable."
"The platform has valuable features for security."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"Easily integrates with third-party tools"
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"The tool helps with advanced reports and keeps the system scalable and flexible. It provides a clear picture of the current status of any incidents. As a CISO, I see a lot of potential for future innovation, which is interesting. I've noticed better performance, especially with the reports."
"The product provides visibility and enables us to correlate data and generate alerts."
"The Splunk user community and forum are most valuable."
"The client site login is pretty extensible and probably cost-effective."
"The logs on the solution are excellent."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We'd like also a better ticketing system, which is older."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"The solution lacks self-sufficiency."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."
"I have concerns about the architecture as well since I can see it is not very well defined."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"There is improvement needed when importing from some types of data sources."
"You do need a lot of training and certification with this product."
"We usually have to follow up with technical support on our open cases."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"It could be more user friendly, in terms of the end-user experience."
AWS Security Hub is ranked 8th in Security Information and Event Management (SIEM) with 17 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. AWS Security Hub is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Orca Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our AWS Security Hub vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.