Splunk Cloud Platform is a data platform service thats help users search, analyze, visualize and act on data. The service can go live in as little as two days, and with an IT backend managed by Splunk experts.
N/A
Wireshark
Score 8.8 out of 10
N/A
Wireshark is a free and open source network troubleshooting tool.
Honestly, I do not know a better tool than Wireshark with GUI. Every single occasion I had to analyze packets in any company it was done in Wireshark - it's like industry standard.
Splunk is excellent when all your data is in one location. Its ability to correlate all that data is intuitive (once the hurdle of learning the query language is overcome). It is also easy to standardize the presentation of information to the company. When data is siloed/standalone, other systems can be cheaper and faster to implement.
I don't know of any other tool that works as well as Wireshark for packet capture an inspection. It's extremely easy to get up and running, and even with little to no knowledge of how to use the tool, you can be looking at all the traffic coming off a network interface.
This SIEM consolidates multiple data points and offers several features and benefits, creating custom dashboards and managing alert workflows.
Splunk Cloud provides a simple way to have a central monitoring and security solution. Though it does not have a huge learning curve, you should spend some time learning the basics.
Splunk Cloud enables me to create and schedule statistical reports on network use for Management.
A more user-friendly interface would be nice, but then again it is not really designed for those who are not quite comfortable with this type of software.
Changes to functionality on updates - this can sometimes happen unexpectedly and can be an annoyance.
It's very simple and easy to use, although individuals not used to managing and administering networks would take some time to get familiar with it. Once they have mastered use of the application, it's easy to stay knowledgeable about it, iteration after iteration. It is well supported online through an open-source community network of professionals who are helpful in imparting knowledge and in providing assistance.
Splunk Cloud support is sorely lacking unfortunately. The portal where you submit tickets is not very good and is lacking polish. Tickets are left for days without any updates and when chased it is only sometimes you get a reply back. I get the feeling the support team are very understaffed and have far too much going on. From what I know, Splunk is aware of this and seem to be trying to remedy it.
I don't believe Wireshark has "true" support as the software is open source. However, there is an active & friendly community around Wireshark that are more than happy to help answer questions. From a comprehensive Wiki and FAQ section on the site to the Ask a Question forum and bug tracker section, there's plenty of support options to make sure your questions and issues are addressed.
Search Processing Language really is a game changer for writing easy-to-understand and maintainable queries on your data base logs. Once understood, setting up and validating a query can be done in no time- which leaves us the option to focus on more monitoring and improved services. We have no other tools that utilizes data this efficiently
Wireshark is a free tool that came highly recommended by one of our former network security consultants. Using the tool he was able to resolve all of our higher tier network tickets, so we observed first hand why we needed to add Wireshark into our toolset. We received in-depth instruction and training scenarios that demonstrated the effectiveness and power of the product, so we didn't spend any time reviewing competing products.
