Snort vs Splunk Enterprise

What users are saying about

Score 9 out of 10

Based on 27 reviews and ratings

Score 8.9 out of 10

Based on 374 reviews and ratings

Feature Set Ratings

Security Information and Event Management (SIEM)

Snort

Feature Set Not Supported

N/A

9.0

Splunk Enterprise

90%

Splunk Enterprise ranks higher in 13/13 features

Centralized event and log data collection

N/A

0 Ratings

9.4

94%

50 Ratings

Correlation

N/A

0 Ratings

9.8

98%

49 Ratings

Event and log normalization/management

N/A

0 Ratings

9.6

96%

98 Ratings

Deployment flexibility

N/A

0 Ratings

9.4

94%

46 Ratings

Integration with Identity and Access Management Tools

N/A

0 Ratings

9.2

92%

46 Ratings

Custom dashboards and workspaces

N/A

0 Ratings

9.8

98%

100 Ratings

Host and network-based intrusion detection

N/A

0 Ratings

8.0

80%

35 Ratings

Data integration/API management

N/A

0 Ratings

9.0

90%

2 Ratings

Behavioral analytics and baselining

N/A

0 Ratings

7.5

75%

2 Ratings

Rules-based and algorithmic detection thresholds

N/A

0 Ratings

9.5

95%

2 Ratings

Response orchestration and automation

N/A

0 Ratings

7.0

70%

2 Ratings

Reporting and compliance management

N/A

0 Ratings

9.5

95%

2 Ratings

Incident indexing/searching

N/A

0 Ratings

9.0

90%

2 Ratings

Attribute Ratings

Splunk Enterprise is rated higher in 1 area: Likelihood to Recommend

Snort

84%

5 Ratings

9.3

Splunk Enterprise

93%

67 Ratings

Snort

N/A

0 Ratings

10.0

Splunk Enterprise

100%

17 Ratings

Snort

N/A

0 Ratings

9.0

Splunk Enterprise

90%

3 Ratings

Snort

N/A

0 Ratings

10.0

Splunk Enterprise

100%

2 Ratings

Snort

N/A

0 Ratings

8.4

Splunk Enterprise

84%

33 Ratings

Snort

N/A

0 Ratings

9.0

Splunk Enterprise

90%

4 Ratings

Snort

N/A

0 Ratings

9.1

Splunk Enterprise

91%

1 Rating

Pros

IPS detection.
DoS detection.
Packet logging.

Read full review

Verified User

Manager in Information Technology

Information Technology & Services Company, 10,001+ employees

View all 5 answers on this topic

Real-time + Scheduled alerts - i-e you can set up alerts which are actively monitoring your logs
Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data.
Dashboards provide insights into historical data
Love how Splunk indexes all of the data and provides keys to search on

Read full review

Pooja Gada

Engineering Tech Lead

Qventus, IncHospital & Health Care, 51-200 employees

View all 67 answers on this topic

Cons

At times can be unstable with Cisco bugs, require frequent upgrading.
FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.

Read full review

Alan Matson, CCNA:S, MCP

Senior Network Security Engineer

InsightInformation Technology and Services, 5001-10,000 employees

View all 5 answers on this topic

At times some queries can run slowly if indices are not on a portion of the query you use.
Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log.
Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con).
Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through splunk.

Read full review

Verified User

Engineer in Engineering

Computer Software Company, 201-500 employees

View all 67 answers on this topic

Pricing Details

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

Starting Price

—

General

Free Trial

Yes

Free/Freemium Version

Yes

Premium Consulting/Integration Services

—

Entry-level set up fee?

Starting Price

—

Likelihood to Renew

No score

No answers yet

No answers on this topic

Splunk Enterprise 10.0

Based on 17 answers

We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.

Read full review

Verified User

Consultant in Information Technology

Retail Company, 10,001+ employees

View all 17 answers on this topic

Usability

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.0

Based on 3 answers

You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.

Read full review

Kenneth Taitingfong

Splunk Architect / Engineer

CRGT Inc.Information Technology and Services, 1001-5000 employees

View all 3 answers on this topic

Reliability and Availability

No score

No answers yet

No answers on this topic

Splunk Enterprise 10.0

Based on 2 answers

When properly setup and configured, Splunk is extremely reliable.

Read full review

Verified User

Engineer in Other

Computer Software Company, 1001-5000 employees

View all 2 answers on this topic

Support Rating

No score

No answers yet

No answers on this topic

Splunk Enterprise 8.4

Based on 33 answers

Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.

Read full review

Verified User

Engineer in Information Technology

Information Technology & Services Company, 201-500 employees

View all 33 answers on this topic

Implementation Rating

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.0

Based on 4 answers

Smooth without too many major issues.

Read full review

Verified User

Consultant in Information Technology

Transportation/Trucking/Railroad Company, 1001-5000 employees

View all 4 answers on this topic

Alternatives Considered

For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like.Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.

Read full review

David Myers

Network Administrator

West Wichita Family Physicians, P.A.Hospital & Health Care, 201-500 employees

View all 5 answers on this topic

I wanted to learn a new language that I can quickly master and implement. Splunk is easy, fun to use and best of all, it can be developed in hours not days or weeks. Splunk is fundamentally a programming language that is minimal but yet powerful enough to collect, analyze and visualize data.

Read full review

Verified User

Professional in Information Technology

Investment Management Company, 1001-5000 employees

View all 67 answers on this topic

Scalability

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.1

Based on 1 answer

Splunk can scale in to the petabyte per day range which of course is awesome

Read full review

Rick Yetter

Regional Director

ePlus inc.Information Technology and Services, 501-1000 employees

View all 1 answers on this topic

Return on Investment

Being open source, ROI on free is hard to beat for something that works.
I believe it greatly enhances the security of my network.

Read full review

Curt Dickman

Owner

Grandpa's GarageAutomotive, 1-10 employees

View all 5 answers on this topic

Overall very positive. It has provided visibility to what is going on within our network.
One drawback is the time it takes to get up to speed with the application, but this is up to the user, and Splunk education is excellent.
In my field, IT Security, there are few other friends to have in your back pocket better than Splunk. They are just that good.

Read full review

Verified User

Manager in Information Technology

Higher Education Company, 501-1000 employees

View all 67 answers on this topic

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Centralized event and log data collection

Correlation

Event and log normalization/management

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and workspaces

Host and network-based intrusion detection

Data integration/API management

Behavioral analytics and baselining

Rules-based and algorithmic detection thresholds

Response orchestration and automation

Reporting and compliance management

Incident indexing/searching

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Likelihood to Recommend

Snort

Splunk Enterprise

Pros

Snort

Splunk Enterprise

Cons

Snort

Splunk Enterprise

Pricing Details

General

Free Trial

Free/Freemium Version

Premium Consulting/Integration Services

Entry-level set up fee?

Starting Price

General

Free Trial

Free/Freemium Version

Premium Consulting/Integration Services

Entry-level set up fee?

Starting Price

Likelihood to Renew

Snort

Splunk Enterprise

Usability

Snort

Splunk Enterprise

Reliability and Availability

Snort

Splunk Enterprise

Support Rating

Snort

Splunk Enterprise

Implementation Rating

Snort

Splunk Enterprise

Alternatives Considered

Snort

Splunk Enterprise

Scalability

Snort

Splunk Enterprise

Return on Investment

Snort

Splunk Enterprise

Add comparison