Splunk Enterprise Security: Configured to your organization
Updated July 13, 2022
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
We utilize Splunk Enterprise Security for log analysis, correlation, and alerting. Security alerting and monitoring are the primary focus of our Splunk deployment, and all logs are evaluated for their analytic value to security directives prior to being ingested. Splunk allows us to aggregate disparate logs and solution data and correlate events to generate security alerts.
- Log ingestion and indexing
- Event correlation
- Event timeline
- Data representation and presentation
- Cloud log ingestion on-prem vs Splunk Cloud
- Improvements to approachability of SPL
- Built in dashboarding and common use
- Formal adoption of SIGMA SIEM rule repositories
- Increased visibility across multiple log sources
- Reduction in MTTR beyond initial compromise to additional targets or resources
- Customization of alerting and monitoring to reflect our business' priorities and practices
Splunk does not hide its correlation and analytics logic from users as much as other solutions in the same space. While some features are harder to access, the underlying information is all accessible and tunable. This gives Splunk an edge over other solutions that lock the user into a predefined box. However, many other solutions in the space have more advanced out-of-the-box functionality when turned on. The advantage lies with Splunk's granular control over logs and events to generate high-fidelity notables and alerts.
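The reviewer describes correlating events from disparate log sources and tuning the logic to keep notables high-fidelity. The following is an added example, not the reviewer's own content and not Splunk code: a small Python model of one such correlation rule, run over constructed sample events. It joins a burst of Windows logon failures (EventCode 4625) with a later VPN success from the same source, suppresses a known scanner via an allowlist lookup, and throttles repeat notables per source and user. All event data, index names, thresholds and windows are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical; not from any real deployment).
# Tuple order mirrors fields a search would extract: _time, EventCode, src_ip, user.
WINEVENT = [
    ("2022-07-13T08:00:01", "4625", "10.0.0.5", "alice"),
    ("2022-07-13T08:00:12", "4625", "10.0.0.5", "alice"),
    ("2022-07-13T08:00:25", "4625", "10.0.0.5", "alice"),
    ("2022-07-13T08:00:40", "4625", "10.0.0.5", "alice"),
    ("2022-07-13T08:01:02", "4625", "10.0.0.5", "alice"),
    ("2022-07-13T08:01:30", "4625", "10.0.0.5", "alice"),
    # Burst from the vulnerability scanner; the allowlist lookup should suppress it.
    ("2022-07-13T09:00:00", "4625", "10.0.0.99", "svc_scan"),
    ("2022-07-13T09:00:10", "4625", "10.0.0.99", "svc_scan"),
    ("2022-07-13T09:00:20", "4625", "10.0.0.99", "svc_scan"),
    ("2022-07-13T09:00:30", "4625", "10.0.0.99", "svc_scan"),
    ("2022-07-13T09:00:40", "4625", "10.0.0.99", "svc_scan"),
    # A single failure, below threshold: normal user typo.
    ("2022-07-13T10:00:00", "4625", "10.0.0.7", "bob"),
]
# Constructed VPN events: _time, outcome, src_ip, user.
VPN = [
    ("2022-07-13T08:15:00", "success", "10.0.0.5", "alice"),
    ("2022-07-13T08:16:00", "success", "10.0.0.5", "alice"),  # duplicate hit, throttled
    ("2022-07-13T09:10:00", "success", "10.0.0.99", "svc_scan"),
    ("2022-07-13T10:05:00", "success", "10.0.0.7", "bob"),
]
# Stand-in for a lookup table of known scanners (assumed).
ALLOWLIST = {"10.0.0.99"}

# Illustrative shape of the first half as an SPL search (not from the page):
#   index=wineventlog EventCode=4625
#   | bin _time span=10m | stats count by _time src_ip user | where count>=5


def parse_ts(s):
    return datetime.fromisoformat(s)


def find_bursts(events, code="4625", threshold=5, window=timedelta(minutes=10)):
    """Return one burst per src_ip: `threshold` failures inside `window`."""
    by_ip = defaultdict(list)
    for ts, event_code, ip, user in events:
        if event_code == code:
            by_ip[ip].append((parse_ts(ts), user))
    bursts = []
    for ip, items in by_ip.items():
        items.sort()
        for i in range(len(items) - threshold + 1):
            start, _ = items[i]
            end, user = items[i + threshold - 1]
            if end - start <= window:
                bursts.append({"src_ip": ip, "user": user, "burst_end": end})
                break  # first qualifying burst is enough to trigger
    return bursts


def correlate(win_events, vpn_events, allowlist,
              follow=timedelta(minutes=30), throttle=timedelta(hours=24)):
    """Emit a notable when a failure burst is followed by a VPN success
    from the same source, skipping allowlisted sources and throttling
    repeats per (src_ip, user)."""
    successes = sorted((parse_ts(ts), ip, user)
                       for ts, outcome, ip, user in vpn_events if outcome == "success")
    last_fired = {}
    notables = []
    for burst in find_bursts(win_events):
        if burst["src_ip"] in allowlist:
            continue  # tuning: known scanner, not worth an analyst's time
        for t, ip, user in successes:
            if ip != burst["src_ip"]:
                continue
            if not burst["burst_end"] < t <= burst["burst_end"] + follow:
                continue
            key = (ip, user)
            if key in last_fired and t - last_fired[key] < throttle:
                continue  # same source/user already raised within throttle window
            last_fired[key] = t
            notables.append({"src_ip": ip, "user": user, "vpn_time": t.isoformat(),
                             "rule": "failed_logon_burst_then_vpn_success"})
    return notables


if __name__ == "__main__":
    for n in correlate(WINEVENT, VPN, ALLOWLIST):
        print(n)
```

The point of the allowlist and throttle steps is the one the review makes: the same raw correlation fires on the scanner and on repeat logins, and the ability to tune those out in the search itself is what keeps notable volume tied to real risk.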
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
No
Would you buy Splunk Enterprise Security (ES) again?
Yes