Item: Splunk Enterprise
Rating: 7
Author: Verified User

Use Cases and Deployment Scope

We use Splunk Enterprise as a SIEM and a separate pool to use for medical record auditing. The SIEM catalogues information from multiple courses to provide efficiency and security data to the organization. Our medical record audit system is a custom written Splunk Enterprise app that takes audits from our EHR to determine suspicious activities

Pros and Cons

Searching of information.
Report building
Flexibility

Cost
Easier guides
Data normalization.

Return on Investment

Too expensive in my opinion.

Alternatives Considered

AlienVault USM and Elasticsearch

We used this first but are considering moving away due to log space limitations because of cost.

Key Insights

Do you think Splunk Enterprise delivers good value for the price?

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise go as expected?

Yes

Would you buy Splunk Enterprise again?

Likelihood to Recommend

Primary issue with Splunk Enterprise is cost. The licenses can get extremely expensive very quickly in my opinion. If the organization can afford to have all of their data in it then the program is amazing. We have been able to solve multiple problems or find things that would normally take hours within seconds with the tool

Great if you have the money

Software Version

Overall Satisfaction with Splunk Enterprise