Snort vs Splunk Enterprise

Likelihood to Recommend

It is well suited for a high energy environment with a lot of traffic, from an administration standpoint it can take a full time person to manage and maintain the devices.

Read full review

Alan Matson, CCNA:S, MCP

Senior Network Security Engineer

InsightInformation Technology and Services, 5001-10,000 employees

View all 3 answers on this topic

Pros: Splunk is very well suited if you have multiple log sources of related data. All of them can be correlated and tasks can be automated based on the requirement. Other than alerts, Splunk can also run a specific script of your choice, based on some defined conditions. Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive.

Read full review

Kuntal Das

Security Analyst

University of Colorado DenverHigher Education, 5001-10,000 employees

View all 52 answers on this topic

Feature Rating Comparison

Snort

Splunk Enterprise

Centralized event and log data collection

Correlation

Event and log normalization

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and views

Host and network-based intrusion detection

Pros

The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application which greatly improves security visibility. With this there are a lot of groups that you can use for white listing or blacklisting, knowing its being updated in the background without additional work from you.
Flexible. Instead of putting a traditional firewall inline you can put a source fire appliance (or firewall with sourcefire on-board) to not only block/allow traffic, but if you insights into it, and do some forms of threat scoring.
In depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts, you can view the full information and packets that lead to the conclusion, though the conclusion is prepared in advance for you.

Read full review

David Myers

Network Administrator

West Wichita Family Physicians, P.A.Hospital & Health Care, 201-500 employees

View all 3 answers on this topic

Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
Common location to go for all logs even if the logs themselves aren't in the same place.
Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).

Read full review

Verified User

Engineer in Engineering

Computer Software Company, 201-500 employees

View all 52 answers on this topic

Cons

There are plenty of false positives in the logs, but no problems noticed related to them.

Read full review

Curt Dickman

Owner

Grandpa's GarageAutomotive, 1-10 employees

View all 3 answers on this topic

Even though there is a search tool as a help function, you still have to read through many documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
Creating a Splunk dashboard is rather straightforward however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.

Read full review

Trung Pham

Senior Developer

PIMCOInvestment Management, 1001-5000 employees

View all 52 answers on this topic

Likelihood to Renew

No score

No answers yet

No answers on this topic

Splunk Enterprise 10.0

Based on 17 answers

We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.

Read full review

Verified User

Consultant in Information Technology

Retail Company, 10,001+ employees

View all 17 answers on this topic

Usability

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.0

Based on 3 answers

You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.

Read full review

Kenneth Taitingfong

Splunk Architect / Engineer

CRGT Inc.Information Technology and Services, 1001-5000 employees

View all 3 answers on this topic

Reliability and Availability

No score

No answers yet

No answers on this topic

Splunk Enterprise 10.0

Based on 1 answer

When properly setup and configured, Splunk is extremely reliable.

Read full review

Verified User

Engineer in Other

Computer Software Company, 1001-5000 employees

View all 1 answers on this topic

Support

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.2

Based on 8 answers

It helped us and is still helping to deploy new modules, installing and configuring new databases without worrying about a huge bottleneck or lack of understanding, and monitoring the post-deploy impacts. This has been our main tool across the University IT sectors to utilize all of its monitoring options, and sharing those alerts with end-users as needed.

Read full review

Verified User

Employee in Information Technology

Education Management Company, 10,001+ employees

View all 8 answers on this topic

Implementation

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.0

Based on 2 answers

Smooth without too many major issues.

Read full review

Verified User

Consultant in Information Technology

Transportation/Trucking/Railroad Company, 1001-5000 employees

View all 2 answers on this topic

Alternatives Considered

Sourcefire vs. TippingPoint was a no-brainer for us at the time of deployment. Sourcefire has a more well-defined API using REST that can be leveraged for automating tasks. TippingPoint was just releasing an API that was limited. Also at the time, TippingPoint could not meet our 10Gbps network requirements as Sourcefire could with their 8350 appliances.

Read full review

Alan Matson, CCNA:S, MCP

Senior Network Security Engineer

InsightInformation Technology and Services, 5001-10,000 employees

View all 3 answers on this topic

Splunk is proving to be a formidable replacement for Qradar, which we had as our previous SIEM. Qradar was powerful, but not easy to customize and quite limited. Splunk is not per se a "SIEM" but it can be in the way you used it. Also there is an Enterprise Security App that is available to buy and sit on top of Splunk, and that will take care of any concerns with needing a full-fledged SIEM. Splunk wins.

Read full review

Verified User

Manager in Information Technology

Higher Education Company, 501-1000 employees

View all 52 answers on this topic

Scalability

No score

No answers yet

No answers on this topic

Splunk Enterprise 9.1

Based on 1 answer

Splunk can scale in to the petabyte per day range which of course is awesome

Read full review

Rick Yetter

Regional Director

ePlus inc.Information Technology and Services, 501-1000 employees

View all 1 answers on this topic

Return on Investment

Sourcefire has given us a positive ROI. We don't really have the metrics to show this, but the cost for having it, vs the savings between blocking bad sites and the manpower to respond to malware infestations are worth it. It's hard to measure what you don't get.

Read full review

David Myers

Network Administrator

West Wichita Family Physicians, P.A.Hospital & Health Care, 201-500 employees

View all 3 answers on this topic

I'm not a data analyst so I can not provide concrete examples on how the business has benefited from implementing Splunk. However, the analysts I have worked with have provided a wealth of support in reducing workstation issues across the enterprise. This alone reduces the time it takes to determine where the exact problem lies between a workstation and the servers it tries to communicate with.

Read full review

Verified User

Professional in Professional Services

Information Technology and Services Company, 51-200 employees

View all 52 answers on this topic

Likelihood to Recommend

Snort

Splunk Enterprise

Feature Rating Comparison

Centralized event and log data collection

Correlation

Event and log normalization

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and views

Host and network-based intrusion detection

Pros

Snort

Splunk Enterprise

Cons

Snort

Splunk Enterprise

Likelihood to Renew

Snort

Splunk Enterprise

Usability

Snort

Splunk Enterprise

Reliability and Availability

Snort

Splunk Enterprise

Support

Snort

Splunk Enterprise

Implementation

Snort

Splunk Enterprise

Alternatives Considered

Snort

Splunk Enterprise

Scalability

Snort

Splunk Enterprise

Return on Investment

Snort

Splunk Enterprise

Pricing Details

General

Free Trial

Free/Freemium Version

Premium Consulting/Integration Services

Entry-level set up fee?

General

Free Trial

Free/Freemium Version

Premium Consulting/Integration Services

Entry-level set up fee?

Rating Summary

Add comparison