Snort vs Splunk Enterprise | TrustRadius

What users are saying about

Score 9.2 out of 10

Based on 27 reviews and ratings

Score 8.8 out of 10

Based on 311 reviews and ratings

Feature Rating Comparison

Snort

Splunk Enterprise

Centralized event and log data collection

Correlation

Event and log normalization/management

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and workspaces

Host and network-based intrusion detection

Pros

Real Time updates for security signatures via Talos
Great signature blocking
Excellent reporting via syslog to our Security Analytics collectors.

Read full review

Alan Matson, CCNA:S, MCP

Senior Network Security Engineer

InsightInformation Technology and Services, 5001-10,000 employees

View all 4 answers on this topic

Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
Common location to go for all logs even if the logs themselves aren't in the same place.
Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).

Read full review

Verified User

Engineer in Engineering

Computer Software Company, 201-500 employees

View all 61 answers on this topic

Cons

Due to the extensive interface, it can be quite overwhelming to try and manage the product. There are many different places to go to set up individual items. It would be nice to simplify the interface down a bit
Upgrades can be somewhat hazardous. I think they are working to get the upgrade process streamlined, but currently moving major version (5.x to 6.x) there was a lot of additional work outside of the UI that if not done correctly can tank the system, requiring a fresh load or restore from backup

Read full review

Network Administrator

West Wichita Family Physicians, P.A.Hospital & Health Care, 201-500 employees

View all 4 answers on this topic

Even though there is a search tool as a help function, you still have to read through many documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
Creating a Splunk dashboard is rather straightforward however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.

Read full review

Verified User

Professional in Information Technology

Investment Management Company, 1001-5000 employees

View all 61 answers on this topic

Likelihood to Renew

No score

No answers yet

No answers on this topic

Splunk Enterprise 10.0

Based on 17 answers

We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.

Read full review

Verified User

Consultant in Information Technology

Retail Company, 10,001+ employees

View all 17 answers on this topic

Usability

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.0

Based on 3 answers

You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.

Read full review

Kenneth Taitingfong

Splunk Architect / Engineer

CRGT Inc.Information Technology and Services, 1001-5000 employees

View all 3 answers on this topic

Reliability and Availability

No score

No answers yet

No answers on this topic

Splunk Enterprise 10.0

Based on 1 answer

When properly setup and configured, Splunk is extremely reliable.

Read full review

Verified User

Engineer in Other

Computer Software Company, 1001-5000 employees

View all 1 answers on this topic

Support Rating

No score

No answers yet

No answers on this topic

Splunk Enterprise 8.6

Based on 24 answers

Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.

Read full review

Verified User

Engineer in Information Technology

Information Technology & Services Company, 201-500 employees

View all 24 answers on this topic

Implementation Rating

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.0

Based on 2 answers

Smooth without too many major issues.

Read full review

Verified User

Consultant in Information Technology

Transportation/Trucking/Railroad Company, 1001-5000 employees

View all 2 answers on this topic

Alternatives Considered

Sourcefire vs. TippingPoint was a no-brainer for us at the time of deployment. Sourcefire has a more well-defined API using REST that can be leveraged for automating tasks. TippingPoint was just releasing an API that was limited. Also at the time, TippingPoint could not meet our 10Gbps network requirements as Sourcefire could with their 8350 appliances.

Read full review

Alan Matson, CCNA:S, MCP

Senior Network Security Engineer

InsightInformation Technology and Services, 5001-10,000 employees

View all 4 answers on this topic

Splunk is proving to be a formidable replacement for Qradar, which we had as our previous SIEM. Qradar was powerful, but not easy to customize and quite limited. Splunk is not per se a "SIEM" but it can be in the way you used it. Also there is an Enterprise Security App that is available to buy and sit on top of Splunk, and that will take care of any concerns with needing a full-fledged SIEM. Splunk wins.

Read full review

Verified User

Manager in Information Technology

Higher Education Company, 501-1000 employees

View all 61 answers on this topic

Scalability

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.1

Based on 1 answer

Splunk can scale in to the petabyte per day range which of course is awesome

Read full review

Regional Director

ePlus inc.Information Technology and Services, 501-1000 employees

View all 1 answers on this topic

Return on Investment

Being open source, ROI on free is hard to beat for something that works.
I believe it greatly enhances the security of my network.

Read full review

Owner

Grandpa's GarageAutomotive, 1-10 employees

View all 4 answers on this topic

I'm not a data analyst so I can not provide concrete examples on how the business has benefited from implementing Splunk. However, the analysts I have worked with have provided a wealth of support in reducing workstation issues across the enterprise. This alone reduces the time it takes to determine where the exact problem lies between a workstation and the servers it tries to communicate with.

Read full review

Verified User

Professional in Professional Services

Information Technology and Services Company, 51-200 employees

View all 61 answers on this topic

Pricing Details

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

General

Free Trial

Yes

Free/Freemium Version

Yes

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

Rating Summary

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Snort

Splunk Enterprise

Add comparison