Snort vs. Security Onion vs. Splunk Cloud Platform

Snort

27 Reviews and Ratings

Security Onion

7 Reviews and Ratings

Splunk Cloud Platform

156 Reviews and Ratings

Learn More

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Snort	Score 9.0 out of 10	N/A	Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.	N/A
Security Onion	Score 10.0 out of 10	N/A	Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management, developed by the company of the same name in Evans. Their products include both the Security Onion software and specialized hardware appliances that are built and tested to run Security Onion. The company also offers paid support and training services.	N/A
Splunk Cloud Platform	Score 8.0 out of 10	N/A	Splunk Cloud Platform is a data platform service thats help users search, analyze, visualize and act on data. The service can go live in as little as two days, and with an IT backend managed by Splunk experts.	N/A

Pricing

Snort

Security Onion

Splunk Cloud Platform

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
Snort	Security Onion	Splunk Cloud Platform
Free Trial
No	No	No
Free/Freemium Version
No	No	No
Premium Consulting/Integration Services
No	No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Pricing Info

Community Pulse
	Snort	Security Onion	Splunk Cloud Platform

Features

Snort

Security Onion

Splunk Cloud Platform

Security Information and Event Management (SIEM)

Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
	Snort - Ratings	Security Onion - Ratings	Splunk Cloud Platform 8.2 20 Ratings 4% above category average
Centralized event and log data collection	00 Ratings	00 Ratings	9.019 Ratings
Correlation	00 Ratings	00 Ratings	8.419 Ratings
Event and log normalization/management	00 Ratings	00 Ratings	9.320 Ratings
Deployment flexibility	00 Ratings	00 Ratings	7.320 Ratings
Integration with Identity and Access Management Tools	00 Ratings	00 Ratings	7.818 Ratings
Custom dashboards and workspaces	00 Ratings	00 Ratings	9.020 Ratings
Host and network-based intrusion detection	00 Ratings	00 Ratings	8.217 Ratings
Data integration/API management	00 Ratings	00 Ratings	7.510 Ratings
Behavioral analytics and baselining	00 Ratings	00 Ratings	7.38 Ratings
Rules-based and algorithmic detection thresholds	00 Ratings	00 Ratings	8.210 Ratings
Response orchestration and automation	00 Ratings	00 Ratings	7.58 Ratings
Reporting and compliance management	00 Ratings	00 Ratings	8.810 Ratings
Incident indexing/searching	00 Ratings	00 Ratings	8.811 Ratings

Best Alternatives
	Snort	Security Onion	Splunk Cloud Platform
Small Businesses	LevelBlue USM Anywhere Score 7.6 out of 10	LevelBlue USM Anywhere Score 7.6 out of 10	LevelBlue USM Anywhere Score 7.6 out of 10
Medium-sized Companies	CrowdStrike Falcon Score 9.1 out of 10	CrowdStrike Falcon Score 9.1 out of 10	Sumo Logic Score 8.8 out of 10
Enterprises	CrowdStrike Falcon Score 9.1 out of 10	CrowdStrike Falcon Score 9.1 out of 10	Sumo Logic Score 8.8 out of 10
All Alternatives	View all alternatives	View all alternatives	View all alternatives

User Ratings
	Snort	Security Onion	Splunk Cloud Platform
Likelihood to Recommend	8.1 (5 ratings)	8.0 (1 ratings)	9.3 (18 ratings)
Likelihood to Renew	- (0 ratings)	- (0 ratings)	9.1 (1 ratings)
Usability	- (0 ratings)	- (0 ratings)	9.0 (5 ratings)
Support Rating	- (0 ratings)	- (0 ratings)	7.2 (4 ratings)

User Testimonials
	Snort	Security Onion	Splunk Cloud Platform
Likelihood to Recommend	Cisco If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me. Incentivized Verified User Anonymous Read full review	Security Onion Solutions, LLC Security Onion works well for setting up within a Linux environment. This brings a new platform to run and maintain though. The application its self has helped to keep track of logs and vulnerabilities in the environment. Alert triage and case creation is simple to start and follow through to the end. Verified User Anonymous Read full review	Cisco Splunk is excellent when all your data is in one location. Its ability to correlate all that data is intuitive (once the hurdle of learning the query language is overcome). It is also easy to standardize the presentation of information to the company. When data is siloed/standalone, other systems can be cheaper and faster to implement. Incentivized MS Michael Spence Senior Network Engineer Read full review
Pros	Cisco IPS detection. DoS detection. Packet logging. Incentivized Verified User Anonymous Read full review	Security Onion Solutions, LLC GUI Support Easy of use Verified User Anonymous Read full review	Cisco This SIEM consolidates multiple data points and offers several features and benefits, creating custom dashboards and managing alert workflows. Splunk Cloud provides a simple way to have a central monitoring and security solution. Though it does not have a huge learning curve, you should spend some time learning the basics. Splunk Cloud enables me to create and schedule statistical reports on network use for Management. Incentivized David Hillier Senior Account Executive Read full review
Cons	Cisco At times can be unstable with Cisco bugs, require frequent upgrading. FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI. Incentivized Alan Matson, CCNA:S, MCP Senior Network Security Engineer Read full review	Security Onion Solutions, LLC Requires Linux Training Verified User Anonymous Read full review	Cisco The SPL programming language that the queries are built in is not very intuitive. There should be a better repository of pre-built queries for what I would think of as common Active Directory usage monitoring. I would like to see more free training/familiarization information made available. Incentivized Jeff Kitchens Technical Project Analyst III Read full review
Likelihood to Renew	Cisco No answers on this topic	Security Onion Solutions, LLC No answers on this topic	Cisco Ease of use and have all the features we need Incentivized Verified User Anonymous Read full review
Usability	Cisco No answers on this topic	Security Onion Solutions, LLC No answers on this topic	Cisco What it does well: - Powerful SPL query language for advanced users - Excellent visualization dashboards - Comprehensive documentation and community support Where it needs work: - Steep learning curve for SPL syntax - Non-Intuitive UI for beginners - Complex administration and data model configuration - Search performance degrades with poor query optimization Bottom line: Enterprise-grade tool requiring dedicated training investment. Best for teams with experienced analysts. Incentivized Verified User Anonymous Read full review
Support Rating	Cisco No answers on this topic	Security Onion Solutions, LLC No answers on this topic	Cisco Splunk Cloud support is sorely lacking unfortunately. The portal where you submit tickets is not very good and is lacking polish. Tickets are left for days without any updates and when chased it is only sometimes you get a reply back. I get the feeling the support team are very understaffed and have far too much going on. From what I know, Splunk is aware of this and seem to be trying to remedy it. Incentivized Fraser Clark Network Engineer Read full review
Alternatives Considered	Cisco For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range. Incentivized DM David Myers Network Administrator Read full review	Security Onion Solutions, LLC Other vendors may have a more robust solution but for our needs, Security Onion was the one to move forward with. We have tested some of the others but the cost of those platforms makes the ROI not as desirable. There is a learning curve with Security Onion but it is worth it for the value provided. Verified User Anonymous Read full review	Cisco Search Processing Language really is a game changer for writing easy-to-understand and maintainable queries on your data base logs. Once understood, setting up and validating a query can be done in no time- which leaves us the option to focus on more monitoring and improved services. We have no other tools that utilizes data this efficiently Incentivized Verified User Anonymous Read full review
Return on Investment	Cisco Being open source, ROI on free is hard to beat for something that works. I believe it greatly enhances the security of my network. CD Curt Dickman Owner Read full review	Security Onion Solutions, LLC Makes Alert Triage easier to handle Analysis of threats simple Verified User Anonymous Read full review	Cisco End-end visibility across your departmental silos Strengthen the overall global monitoring posture Move from Reactive to Proactive Monitoring Highly secure environment at your finger-tips Takes you away from managing infrastructure/administration, allows saving time & money. Reduce the overall TCO (Total Cost of Ownership) Incentivized Manan Bhatt Sr. SRE Read full review
ScreenShots