Skip to main content
TrustRadius
Splunk Enterprise Security (ES)

Splunk Enterprise Security (ES)

Overview

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Read more
Recent Reviews

TrustRadius Insights

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick …
Continue reading
TrustRadius Insights
TrustRadius Insights

Highly Recommended!

7 out of 10
September 12, 2023
Incentivized
Splunk Enterprise Security (ES) is integral to our cybersecurity strategy. It swiftly detects and responds to threats, addressing …
Continue reading

Splunk ES Review

9 out of 10
September 06, 2023
Incentivized
We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 13 features
  • Centralized event and log data collection (100)
    9.3
    93%
  • Custom dashboards and workspaces (102)
    9.1
    91%
  • Incident indexing/searching (101)
    8.8
    88%
  • Deployment flexibility (101)
    8.3
    83%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
Splunk Enterprise Security (ES)

Splunk Enterprise Security (ES)

N/A
Unavailable

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

67 people also want pricing

Alternatives Pricing

Microsoft Sentinel

Microsoft Sentinel

$2.46
per GB ingested
What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.5
Avg 7.8
Return to navigation

Product Details

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale. Ingest machine data from any source for full visibility to detect malicious threats in an environment. Investigate and correlate activities across multicloud and on-premises sources in one unified view to identify and remediate security incidents. Splunk Enterprise Security supports cloud, on-premises, and hybrid deployment models to meet the needs of the business. When deployed as a cloud-based SIEM, the vendor states Splunk Enterprise Security can deliver improved time to value, allowing teams to focus on higher value security tasks instead of managing infrastructure hardware and manual upgrades.

Splunk Enterprise Security (ES) Video

Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space, including Splunk Enterprise Security (ES).

Splunk Enterprise Security (ES) Competitors

Splunk Enterprise Security (ES) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

IBM Security QRadar SIEM, LogRhythm NextGen SIEM Platform, and Securonix Next-Generation SIEM are common alternatives for Splunk Enterprise Security (ES).

Reviewers rate Centralized event and log data collection highest, with a score of 9.3.

The most common users of Splunk Enterprise Security (ES) are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(249)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.

Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.

Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.

User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.

Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.

Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the miter coverage dashboard.

Users commonly recommend the following for Splunk Enterprise:

  1. Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.

  2. Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.

  3. Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.

Attribute Ratings

Reviews

(1-25 of 103)
Companies can't remove reviews or game the system. Here's why
March 25, 2024

The Power of Splunk Enterprise.

Verified User
Engineer in Information Technology
Computer Software Company, 1001-5000 employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
October 24, 2023

Splunk Enterprise Security: My Review

YD
Yash Dabhi
Software Engineer
Maruti Techlabs (Computer Software, 201-500 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Well Suited: What we admire most about Splunk is the significant improvements and capabilities it brings to the software with every major release. It is simply mind-blowing and easy to set up from a backend developer's point of view, as it is compatible with existing popular enterprise frameworks using microservice architecture (Spring Boot). Less Suited: Their enterprise plans are frankly costly. Cost wise, maybe it won't be suitable for small startups.
September 12, 2023

Highly Recommended!

Verified User
C-Level Executive in Corporate
Information Technology & Services Company, 1-10 employees
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Well-Suited Scenarios:

Real-Time Threat Response: ES excels in swiftly detecting and responding to security threats through data correlation.
Compliance Management: ES streamlines compliance with detailed logs and reports, ideal for regulated industries.
User Behavior Analytics: Effective in monitoring user and entity behavior, particularly for insider threat detection.
Large-Scale Environments: Valuable for organizations with diverse data sources and high volumes of data.
Incident Investigation: ES aids in post-incident analysis, reconstructing events to understand root causes.

Less Appropriate Scenarios:

Smaller Organizations: For simpler setups, ES may be complex and costly.
Static Environments: In low-risk settings, ES's advanced features may be unnecessary.
Limited Resources: Tight budgets or sparse IT resources may hinder effective ES use.
Lack of In-House Expertise: Without security experts, optimizing ES can be challenging.
Budget Constraints: ES may be cost-prohibitive for budget-conscious organizations, prompting consideration of more affordable alternatives.
September 12, 2023

Splunk ES, a great tool to use with some caveats!

Verified User
Analyst in Information Technology
Banking Company, 1001-5000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
I like how it's all one dashboard and there is not a separate SIEM from the actual log agregator. This makes investigation a lot more efficient and easy to complete said investigation. It is easy to close multiple alerts together and to link items when the notables are part of an overarching issue. It is also easy to make another notable. It is easy to change the risk score to lower the alerting threshold.
September 06, 2023

Secure with Splunk Enterprise Security (ES)

Verified User
Team Lead in Information Technology
Hospital & Health Care Company, 5001-10,000 employees
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Splunk Enterprise Security (ES) protects company's infrastructure and we'll detected and automated alerts based on programmed alerts which is mainly threshold risk score Predefined use cases will help you to protect cloud environment and soc analysts can easily jump into them and enable them as they want Correlation methods will give you more exposure to track different ways to identify and get resolutions .
July 21, 2023

Splunk ES Alert Reduction

Verified User
Engineer in Engineering
Defense & Space Company, 5001-10,000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
It is well suited for our analysts reviewing the alerts that come in each day. The risk based alerting system allows us to tune detections to eliminate noisy notables and ensure our analysts don’t get stuck dealing with alert fatigue. The information generated by ES allows us to create dashboards that easily communicate our accomplishments to higher leadership.
June 05, 2023

Best siem on the market

Verified User
Technician in Product Management
Machinery Company, 5001-10,000 employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
It is centrally integrated to manage and improve the detection of our security threats, instead of using other types of native and complementary tools. Integrations with these appliances are done through our applications and plugins that we can find within Splunkbase. All this using the APIs.Splunk Stream uses the collection of our network traffic to determine the application, the protocol, even if it is encrypted. All this is sent for later analysis.
May 22, 2023

Securing Your Environment with Splunk Enterprise Security.

Verified User
Engineer in Engineering
Information Technology & Services Company, 201-500 employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Splunk Enterprise Security is a great fit for an organization that also utilizes Splunk in its environment. While there is a learning curve, if users and admins are already familiar with Splunk, it should be a straightforward task to get Enterprise Security up and running. It makes even more sense if the organization is already utilized Splunk Security Essentials. This is like Enterprise Security Lite - but much of the setup and configuration carries directly over to Enterprise Security.
March 16, 2023

Control of accounts, malware and anomalies in a single software.

jacod Jones | TrustRadius Reviewer
jacod Jones
RPA Engineer
Mr. Cooper (Financial Services, 5001-10,000 employees)
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Splunk detects malware and all anomalies, there is no possibility of missing anything, we also have account control according to the privileges assigned by the company, which allows constant account monitoring and also avoids the danger of unauthorized access. Splunk does not have the best dashboard customization, nor is it the easiest to use, but I do think it is the one that keeps everything in order and allows us to comply with the entire complex security system.
January 13, 2023

Amazing solution to maintain the integrity of the investigations.

Verified User
Professional in Product Management
Security & Investigations Company, 5001-10,000 employees
Score 10 out of 10
Vetted Review
Verified User
Likelihood to Recommend
I think Splunk Enterprise Security is well suited to respond to your business needs by providing rapid response to all kind of threats. I think is great for security operations and a trustable product. I would like to provide more comprehensive dashboards and options regarding security posture.
November 08, 2022

Splunk ES help you aggregate to achieve visibility and leverage security intelligence across the organization

FS
Fabio Silva
Senior Network Engineer
Fexco (Financial Services, 1001-5000 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Splunk is very good when integrating with other security logs like Mcafee, Trend Micro & Darktrace. The integration with the Firewall application is still a gap to cover as today the integration with some vendors such as Palo Alto and Bluecoat is not straightforward yet.
October 06, 2022

Great tool with artificial intelligence to manage and mitigate threats.

Verified User
Analyst in Information Technology
Consumer Services Company, 51-200 employees
Score 10 out of 10
Vetted Review
Verified User
Likelihood to Recommend
Splunk Intelligence Management can be used by any company that is looking to improve its threat management system with system automation to detect and combat threats based on company-specific risk rules. It is super simple to configure them on the platform and create monitoring, analysis and incident response routines. The reports are customizable and full of data by day, week, month and year with the event response. It is a cost-effective solution.
August 02, 2022

Aligning on Splunk means a cheaper and far more flexible security monitoring solution.

Verified User
Professional in Information Technology
Fund-Raising Company, 1001-5000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
If you need a very customisable SIEM product this is a very good contender in the SIEM market. Having used SaaS solutions before that were not very customisable, Splunk ES is a welcome product. It has a wide user adoption so even the user-driven support is great, this helps a lot in creating your queries.
July 21, 2022

Considerations from an ES implementation in SOCs consultant

Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Cyber Partners S.p.A. (Information Technology & Services, 11-50 employees)
Score 10 out of 10
Vetted Review
ResellerIncentivized
Likelihood to Recommend
I daily work in ES implementation for our customers so I hint to use ES in every Cyber Security protection situation because it ensembles threat detection features with notable and security incident management: it isn't a tool for specialists but for all security analysts. I think that it's well suited in all structured and/or big companies. It's difficult to implement (also for its costs) in small companies.
July 20, 2022

One SIEM to rule them all

Verified User
Engineer in Information Technology
Banking Company, 10,001+ employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Less appropriate scenario:
- If you don't have enough employees, I recommend using MSSP or maybe other SIEM with Splunk core. It can be hard to catch and replace your current SIEM.
Well Suited scenario:
- Machine learning and statistics. we developed many use cases for anomaly detection and with Splunk, we implemented them and apply on real-time data!
July 19, 2022

Top class security alerting with excellent outbreak handling and precise vulnerability analysis.

Ramu S R | TrustRadius Reviewer
Ramu S R
Junior Network Administrator
AMRITA VISHWA VIDYAPEETHAM (Higher Education, 5001-10,000 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Splunk Enterprise Security will be more suited in research dense areas, and also have a good scope in defense-related projects, cyber specialists, etc. It is less recommended for normal companies where the hosted application data do not require high-security environments. Also, this requires special admins to configure and monitor the logs effectively.
July 18, 2022

Splunk Enterprise Security tools are Avengers for your software systems.

Verified User
Technician in Engineering
Information Technology & Services Company, 1001-5000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Working as a security software engineer, Splunk Enterprise Security is like my suite of premium tools to accomplish my work. Everyone who has been behind a monitoring screen for software threats understands how hectic false positives are. Splunk is however able to reduce the alert volumes by triaging notables and saving you from the false alerts nightmare.
July 15, 2022

Highly precise alert monitoring with detailed logging.

AMJITH LAL S | TrustRadius Reviewer
AMJITH LAL S
Senior Network Administrator
AMRITA VISHWA VIDYAPEETHAM (Higher Education, 5001-10,000 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Likelihood to Recommend
Splunk is well suited for research-oriented projects where we require detailed log analysis and threat evaluation. It is well suited for cyber security companies and defense-related areas. Moreover, it requires sound knowledge of networking. I would prefer CCNP equivalent skillset to monitor and manage Splunk professionally in any enterprise or institution.
Return to navigation