Skip to main content
TrustRadius
Splunk Enterprise Security (ES)

Splunk Enterprise Security (ES)

Overview

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Read more
Recent Reviews

TrustRadius Insights

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick …
Continue reading

Highly Recommended!

7 out of 10
September 12, 2023
Incentivized
Splunk Enterprise Security (ES) is integral to our cybersecurity strategy. It swiftly detects and responds to threats, addressing …
Continue reading

Splunk ES Review

9 out of 10
September 06, 2023
Incentivized
We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 13 features
  • Centralized event and log data collection (100)
    9.3
    93%
  • Custom dashboards and workspaces (102)
    9.0
    90%
  • Incident indexing/searching (101)
    8.7
    87%
  • Deployment flexibility (101)
    8.3
    83%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

65 people also want pricing

Alternatives Pricing

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

What is InsightIDR?

In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.

Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.5
Avg 7.8
Return to navigation

Product Details

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale. Ingest machine data from any source for full visibility to detect malicious threats in an environment. Investigate and correlate activities across multicloud and on-premises sources in one unified view to identify and remediate security incidents. Splunk Enterprise Security supports cloud, on-premises, and hybrid deployment models to meet the needs of the business. When deployed as a cloud-based SIEM, the vendor states Splunk Enterprise Security can deliver improved time to value, allowing teams to focus on higher value security tasks instead of managing infrastructure hardware and manual upgrades.

Splunk Enterprise Security (ES) Video

Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space, including Splunk Enterprise Security (ES).

Splunk Enterprise Security (ES) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

IBM Security QRadar SIEM, LogRhythm NextGen SIEM Platform, and Securonix Next-Generation SIEM are common alternatives for Splunk Enterprise Security (ES).

Reviewers rate Centralized event and log data collection highest, with a score of 9.3.

The most common users of Splunk Enterprise Security (ES) are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(253)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.

Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.

Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.

User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.

Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.

Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the miter coverage dashboard.

Users commonly recommend the following for Splunk Enterprise:

  1. Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.

  2. Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.

  3. Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.

Attribute Ratings

Reviews

(1-25 of 103)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom Correlation alerts to paint the bigger picture effectively. Create Sophisticated Dashboards and reports using multiple data sources for better and non-redundant visualization. Create some basic automation like CSV updates. Perform Threat Hunting to discover unknown threats. Manage Incidents in one place and track Analyst Performance.
  • Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
  • Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
  • Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
  • Dashboard Builder: It needs more out-of-the-box panels for beginners to learn.
  • Autofill: The query autofill isn't that great. It needs better suggestions for beginners especially.
  • Speed: The speed of the search isn't that great. It can be improved. For some queries, it takes too long.
  • Error handler: The error messages in the case of wrong syntax can be more descriptive. The messages are sometimes vague and are not helpful.
Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It's easy to build queries & integrate with other systems and applications. There are a lot of add ons you can integrate to Splunk that can save you a lot of time. Correlation and investigation are easy due to Splunk's effective data parsing capability. There are endless options to customize searching. It provides a very accurate Data Analytics platform that can be adopted by users of all levels. E.x. From tools like Data Tables for Novices to Splunk's Web Framework for Experts.
  • It gives visuals to the client when we select a graphical portrayal, enabling us to change signs into visual outlines, for example, pie outlines, diagrams, tables, and so on.
  • Dashboard UI is intuitive and exceptionally educational, so one can easily find whatever they are looking for.
  • Sometimes, it's very, very slow! It also takes a long time to refresh.
  • UI for pattern searching can be a little better.
Well Suited: What we admire most about Splunk is the significant improvements and capabilities it brings to the software with every major release. It is simply mind-blowing and easy to set up from a backend developer's point of view, as it is compatible with existing popular enterprise frameworks using microservice architecture (Spring Boot). Less Suited: Their enterprise plans are frankly costly. Cost wise, maybe it won't be suitable for small startups.
September 12, 2023

Highly Recommended!

Score 7 out of 10
Vetted Review
Verified User
Incentivized
Splunk Enterprise Security (ES) is integral to our cybersecurity strategy. It swiftly detects and responds to threats, addressing compliance and incident response challenges. ES aggregates data from diverse sources, offering real-time monitoring and correlation. This agility minimizes security incident impact.

ES aids compliance management by providing detailed logs and reports, streamlining audits. Our use case spans the organization, integrating various data sources for a comprehensive security view. It also incorporates threat intelligence, bolstering proactive threat identification.

In summary, Splunk ES is a vital component, ensuring swift incident response and maintaining compliance with industry standards. Its scalability and adaptability make it a cornerstone of our security operations.
  • Advanced Threat Detection and Correlation: ES stands out in its ability to detect sophisticated threats by correlating data from multiple sources. For instance, it can identify unusual patterns in user behavior, cross-referencing with network logs to flag potential insider threats.
  • Real-time Monitoring and Alerting: ES offers robust real-time monitoring capabilities. It excels in promptly alerting us to critical security events, such as suspicious network traffic spikes or unauthorized access attempts, allowing for immediate response.
  • Comprehensive Log Analysis: ES ingests and analyzes an extensive range of log data. It's particularly adept at parsing and making sense of complex log formats, making it a versatile tool for understanding system activities and security events.
  • Improved User Interface Customization: While the interface is generally intuitive, providing more options for users to customize their dashboards and views would enhance the overall user experience. Tailoring the interface to specific roles or use cases could be a valuable addition.
  • Simplified Alert Management: Streamlining the process of managing alerts, such as grouping or categorizing them based on severity or type, would make it easier for security teams to prioritize and respond to incidents effectively.
  • Expanded Threat Intelligence Feeds: Increasing the variety and sources of threat intelligence feeds available within ES would provide a broader context for identifying and mitigating emerging threats, ensuring a more comprehensive defense against evolving attack vectors.
Well-Suited Scenarios:

Real-Time Threat Response: ES excels in swiftly detecting and responding to security threats through data correlation.
Compliance Management: ES streamlines compliance with detailed logs and reports, ideal for regulated industries.
User Behavior Analytics: Effective in monitoring user and entity behavior, particularly for insider threat detection.
Large-Scale Environments: Valuable for organizations with diverse data sources and high volumes of data.
Incident Investigation: ES aids in post-incident analysis, reconstructing events to understand root causes.

Less Appropriate Scenarios:

Smaller Organizations: For simpler setups, ES may be complex and costly.
Static Environments: In low-risk settings, ES's advanced features may be unnecessary.
Limited Resources: Tight budgets or sparse IT resources may hinder effective ES use.
Lack of In-House Expertise: Without security experts, optimizing ES can be challenging.
Budget Constraints: ES may be cost-prohibitive for budget-conscious organizations, prompting consideration of more affordable alternatives.
September 12, 2023

Splunk ES Review

Sam Babbitt | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
I was evaluating Splunk for a potential client. Splunk is a great tool for anyone that needs a SIEM to monitor data, networks, users, etc. The customization of the Dashboard is ideal for anyone to setup and use for an easy display of information. The alerts are incredibly helpful for notification of any problems
  • Develop dashboards and notables to track security-relevant details
  • Data correlation
  • threat monitoring and detection
  • more efficient searches
  • Multiple ways of creating report and alert is confusing
  • Multiple ways of creating report and alert is confusing
It is very easy to connect data sources and manipulate data sets of any size
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I use the product to help monitor, analyze and potentially mitigate certain security issues that may come up. This includes acting as a secondary for escalations and looking at some alerts.
  • Monitoring log activity for potential security problems
  • The interface for investigations is pretty easy to use
  • Enjoy the high level detail the product gives for alerting
  • Nice playground for keeping track of investigations
  • Ease to create new notables to track further items.
  • Crazy awful latency when loading
  • Sometimes the events tab won't show any logs
  • Difficult to follow certain parts of investigations, but this is being addressed with Mission Control. (I'm talking about the original interface)
I like how it's all one dashboard and there is not a separate SIEM from the actual log agregator. This makes investigation a lot more efficient and easy to complete said investigation. It is easy to close multiple alerts together and to link items when the notables are part of an overarching issue. It is also easy to make another notable. It is easy to change the risk score to lower the alerting threshold.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
splunk ES is a very useful and powerful tool as a SIEM platform, we send logs from multiple sources such as winodws servers, linux, RH, Firewalls, WAF, O365, etc, the installation process of UF is not complicated, the deployment of the information is fast and the language for the visualization of tables or graphs can be a little complicated but there are guides and KB to support these tasks.
  • Customization of dashboards
  • Creating apps based on your needs.
  • Search queries can be saved for future or even can be converted to apps
  • high cost
  • slow interface
We send logs from multiple sources such as winodws servers, linux, RH, Firewalls, WAF, O365, etc,
September 06, 2023

Splunk ES Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's security and security hygiene. Splunk ES is a service we offer to our clients as an MSSP and SOC-as-a-service, giving potential customers another great option to use for their own organization.
  • Breakdown event logs into easy-to-search fields
  • Provide relevant trends and metrics for events
  • Develop dashboards and notables to track security-relevant details
  • Ease-of-use for new users
  • Better options to export events/notables
  • More streamlined UI
It has nearly limitless potential for security uses, but the learning curve is very steep
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I work for big organization and large infrastructure .Splunk Enterprise Security (ES) helps alot in security prospective and to chase threats and vulnerability detection, critical traffic detection firewall device Based on the risk score we can get incident notification and we can evaluate based on suggestions .SOC analyst best siem tool and good progress
  • Threat detection
  • Security
  • Vulnerability
  • Use case
  • Pre defined Data models
  • End point frame works
  • Data loss protection use cases and framework
Splunk Enterprise Security (ES) protects company's infrastructure and we'll detected and automated alerts based on programmed alerts which is mainly threshold risk score Predefined use cases will help you to protect cloud environment and soc analysts can easily jump into them and enable them as they want Correlation methods will give you more exposure to track different ways to identify and get resolutions .
Score 7 out of 10
Vetted Review
Verified User
Incentivized
we use ES to analyse the risk of the organization and do actions to mitigate them to enhance our security Level in the environment faced variety of attacks from the world wide. we take much affort to imporve our rules to reduce the false positive and flase negative
  • incident review show up all the risk case so that we can review it in a convenience way
  • security posture combine very useful information and do analysis and trend in overall
  • security intelligence give a score to judge which is true risk
  • may be join search
  • more depend on log if log not received in time
  • need professional train to use
I have no idea
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I am a security analyst and so I use it on a day to day basis to triage and troubleshoot alerts and security incidents in my organization. We have several dozen data sources going to our Splunk environment and then we build correlation alerts for them
  • Data detail
  • Timeline
  • Charts and data presentation
  • Data correlation
  • Third party app support
  • Simplify management
  • More automation
Incident response, security event correlation, security posture analysis and preparation, presentation
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Our analysts use ES to gain a broad perspective on all the security events coming in from our customer devices. We have multiple internal customers with different environments, so it’s useful having a central place in each SIEM to find events. ES is vital to our business as it allows us to use risk based alerting, which decreases the amount of alerts our analysts have to review each day. We’re able to easily tune these rules to filter out false positives and noisy notables to ensure our analysts have an easy time identifying real threats in a timely manner.
  • Risk based alerting
  • Single pane of glass
  • Easy to use UI
  • Sometimes runs slowly
  • Some incident review panels have never worked in our environment
  • More dashboards
It is well suited for our analysts reviewing the alerts that come in each day. The risk based alerting system allows us to tune detections to eliminate noisy notables and ensure our analysts don’t get stuck dealing with alert fatigue. The information generated by ES allows us to create dashboards that easily communicate our accomplishments to higher leadership.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Use it as the SIEM - data monitoring, threat detection and remediation.
  • Notable event detection
  • search correlation
  • threat monitoring and detection
  • more efficient searches
  • less app dependencies
  • app/TA consolidation
works well with multiple/disparate data sources
Score 9 out of 10
Vetted Review
Verified User
Incentivized
The module performs data analysis within our Data Indexers. Everything related to the administration of the elements of operation, including alarms, the administration of our cases, the workflow, the automated responses, and the administration of the platform is carried out by the administrators of this platform. There is a module for interaction with the platform that we have installed in stand-alone mode and in multiple instances. We can also find the Cloud which is a complementary solution provided through a cloud service that provides UEBA capabilities.
  • It supports a flexible architecture and great ease of scaling.
  • It provides us with a wide variety of complementary applications related to use cases such as Security Essentials and Stream.
  • The entire architecture can be implemented on physical or virtual machines, as well as in the cloud.
  • It also provides us with SaaS solutions or by the client.
  • It natively allows us solutions of type MSPs and MSSP.
  • Wide range of native analysis that is used to generate a very robust SIEM solution.
  • It has several modules such as Splunk ES, Splunk UBA, and Splunk Phantom which work perfectly.
  • One disadvantage of Splunk is that it is intended to be deployed in large organizations, offering a robust platform for detecting and responding to existing threats. Although it is preferably prepared to provide solutions to large companies, it can also be implemented within smaller organizations, adapting its content to the environment where it is implemented.
It is centrally integrated to manage and improve the detection of our security threats, instead of using other types of native and complementary tools. Integrations with these appliances are done through our applications and plugins that we can find within Splunkbase. All this using the APIs.Splunk Stream uses the collection of our network traffic to determine the application, the protocol, even if it is encrypted. All this is sent for later analysis.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use it for reporting error conditions. For example, whenever there is failed authentication beyond an acceptable rate, then we create alerts to the production support team to look into the actual issue before even the customer complains about it.
  • Error alert
  • Monitoring
  • Reporting
  • Dashboard
  • More clear menus
  • Multiple ways of creating report and alert is confusing
  • Include more help documents
Well suited for:
1. Creating real-time alerts to monitor login issues by customers.
2. Scheduled Reports - save a lot of time where the routine manual report generation task is automated
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Our scope is actually quite large as my team is responsible for the protection of tens of thousands of devices. This is accomplished with the use of Enterprise Security, which we have used for the past several years to great effect. Enterprise Security enables us to detect and respond to threats in real time, monitor our environment's overall security compliance, and provide timely and insightful reports and metrics to management.
  • Security incident investigation.
  • Insider threat detection.
  • Reporting and metrics.
  • Learning curve - requires subject matter expertise and Splunk administration knowledge.
  • Automated response limitations - requires SOAR to unlock its full potential.
Splunk Enterprise Security is a great fit for an organization that also utilizes Splunk in its environment. While there is a learning curve, if users and admins are already familiar with Splunk, it should be a straightforward task to get Enterprise Security up and running. It makes even more sense if the organization is already utilized Splunk Security Essentials. This is like Enterprise Security Lite - but much of the setup and configuration carries directly over to Enterprise Security.
jacod Jones | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
This software notifies the advances in the possible anomalies in the systems or in the applications with a search capacity system, which provides us with a more general vision of the risks that our systems may have. It is also widely used to always have a security tool working to completely fix and eliminate threats to our IT infrastructure with malware detection, suspicious activity, suspicious activity isolation with account classification feature based on privilege.
  • Classifying accounts according to privileges allows for better control.
  • Malware detection.
  • Account monitoring requires advanced knowledge and also prior configuration.
  • Dashboard customization can improve them.
Splunk detects malware and all anomalies, there is no possibility of missing anything, we also have account control according to the privileges assigned by the company, which allows constant account monitoring and also avoids the danger of unauthorized access. Splunk does not have the best dashboard customization, nor is it the easiest to use, but I do think it is the one that keeps everything in order and allows us to comply with the entire complex security system.
Score 10 out of 10
Vetted Review
Verified User
Splunk Enterprise Security Provides great and advanced threat detection and rapid response. Has a wide variety of features to transform security operations such as user behavior analytics and comprehensive dashboards. Is very easy to deploy and customize to your business needs using the walk through demo or tour experience to get the best of this Product.
  • Security monitoring
  • Threat response and investigation
  • security metrics
  • user behavior analytics
  • more dashboards
  • content aggregation
I think Splunk Enterprise Security is well suited to respond to your business needs by providing rapid response to all kind of threats. I think is great for security operations and a trustable product. I would like to provide more comprehensive dashboards and options regarding security posture.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are using Splunk ES to identify possible security risks and advice together with other legacy security tools. Splunk ES is helping us to correlate different logs in a single interface.
  • Incident Review and Classification
  • Risk-Based Analysis
  • Endpoint Protection
  • Palo Alto logs integration
  • Bluecoat logs integration
Splunk is very good when integrating with other security logs like Mcafee, Trend Micro & Darktrace. The integration with the Firewall application is still a gap to cover as today the integration with some vendors such as Palo Alto and Bluecoat is not straightforward yet.
Score 10 out of 10
Vetted Review
Verified User
Splunk Intelligence Management has enhanced our company's security threat detection and mitigation security management using predictive analytics built on our risk analysis. It is a great ally of the firewall, intrusion, spam and e-mail protection system. In these two years of use we identified many vulnerable targets in our network and fixed the problem. We were able to automate security processes that are repetitive so that they happen automatically and generating logs for later consultation. The system is quite robust, comprehensive and allows creating many features to protect the network from threats.
  • Risk Analysis Dashboard.
  • Perfect for identifying security risks and targets in internal systems.
  • Process automation with intelligence to detect and combat threats.
  • Easy to use and configure interface.
  • Requires advanced learning to know all the features and configure in the best possible way.
Splunk Intelligence Management can be used by any company that is looking to improve its threat management system with system automation to detect and combat threats based on company-specific risk rules. It is super simple to configure them on the platform and create monitoring, analysis and incident response routines. The reports are customizable and full of data by day, week, month and year with the event response. It is a cost-effective solution.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use Splunk Enterprise Security since a couple of years for our Security monitoring solution. We needed another supplier as the previous one was too big for our needs and Splunk offered us a way to fit our requirement and a little bit more. We started with a few use-cases but since then have expanded into a complete monitoring solution.
  • Very customisable.
  • With a little knowledge your can do elaborate searches.
  • Continuous security monitoring.
  • The product is pricey.
  • Learning curve is steep.
If you need a very customisable SIEM product this is a very good contender in the SIEM market. Having used SaaS solutions before that were not very customisable, Splunk ES is a welcome product. It has a wide user adoption so even the user-driven support is great, this helps a lot in creating your queries.
Giuseppe Cusello | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
ResellerIncentivized
I'm a consultant in SIEM implementation for our customers. I implemented many ES installations in the last years for SIEMs and SOCs.
  • Search and analyze cyber Security Threats
  • cyber risk quantification of customer assents and identities
  • manage notable events and security incidents
  • investigate alerts from Splunk
  • create always new security Use Cases
  • reporting for board
  • support company compliance functions in their activities
  • we hard-worked to customize ES for multitenancy because this feature isn't present in ES
  • Investigations aren't so easy to customize
  • integration of ES with external Asset Management system isn't so easy to implement
  • I should be very useful an integration with an external Vulnerability Management system (e.g. Tenable) to highlight dangerous areas and asset risk quantification
I daily work in ES implementation for our customers so I hint to use ES in every Cyber Security protection situation because it ensembles threat detection features with notable and security incident management: it isn't a tool for specialists but for all security analysts. I think that it's well suited in all structured and/or big companies. It's difficult to implement (also for its costs) in small companies.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Using Splunk Enterprise Security is just amazing. Splunk Enterprise Security is like no other SIEMs solutions.
Splunk gives us:
- Advanced dashboarding and alerting options.
- Real-time security investigations.
- Anomaly detection.
- With MLTK and SPL, we are implementing some advanced use cases which are included statistics and ML.
- With lookups and data models, we created many custom models to run our Threat Intel schemas and Threat hunting processes.
  • Security investigation.
  • Threat hunting and threat intel processes.
  • Search efficiency with data models.
  • Creating investigation workflows.
  • Splunk Enterprise Security and UEBA could be one platform.
  • Real time searches could be improve. (should be added more real time searches etc.)
  • Configuration and management is hard for newbies.
Less appropriate scenario:
- If you don't have enough employees, I recommend using MSSP or maybe other SIEM with Splunk core. It can be hard to catch and replace your current SIEM.
Well Suited scenario:
- Machine learning and statistics. we developed many use cases for anomaly detection and with Splunk, we implemented them and apply on real-time data!
Ramu S R | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk Enterprise Security resolved many of our enterprise logging issues with accurate historic security logs with advanced threat analysis. We could identify most of the vulnerabilities easily this software. It was hard to manage earlier with our traditional hardware firewalls for log analysis and threat detections. We could also do the threat reporting easily with Splunk Enterprise Security.
  • Detailed security and threat reports available.
  • Root case of a bug could be easily identified.
  • Excellent and precise penetration testing.
  • Lacks Real-time dashboards and live threat monitoring.
  • Advanced monitoring features are a bit expensive.
  • Suitable only for users with advanced networking knowledge.
Splunk Enterprise Security will be more suited in research dense areas, and also have a good scope in defense-related projects, cyber specialists, etc. It is less recommended for normal companies where the hosted application data do not require high-security environments. Also, this requires special admins to configure and monitor the logs effectively.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use Splunk Enterprise Security tools as our first line of defense in combating threats on our multicolored on-premises deployments. Splunk provides advanced threat intelligence that utilizes an efficient model to immensely cut down on false alerts. Splunk Enterprise Security delivers an efficient data exfiltration model to identify suspicious activity and isolate threats and user behaviors.
  • I perform risk searches correlation several times a day. Splunk adds annotations to enrich correlation search results.
  • Greatly reduces alert volumes.
  • Demands incorporation of several risk factors to identify unauthorized usage which is quite complex and time-consuming.
Working as a security software engineer, Splunk Enterprise Security is like my suite of premium tools to accomplish my work. Everyone who has been behind a monitoring screen for software threats understands how hectic false positives are. Splunk is however able to reduce the alert volumes by triaging notables and saving you from the false alerts nightmare.
AMJITH LAL S | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We have been using Splunk ES for log analysis and monitoring effectively for the last couple of years. Updated threats could be easily identified and we could take the necessary remedial measures. The machine learning toolkit has a lot of functionality. We could easily manage the overload of traditional logging in firewalls and monitor threats more effectively with Splunk.
  • In depth log analysis.
  • Customisable and user-friendly threat dashboard.
  • Detailed research module integration.
  • Dashboard lacks live monitoring features.
  • Not suitable for Amateurs in networking.
  • Enterprise features are less budget friendly.
Splunk is well suited for research-oriented projects where we require detailed log analysis and threat evaluation. It is well suited for cyber security companies and defense-related areas. Moreover, it requires sound knowledge of networking. I would prefer CCNP equivalent skillset to monitor and manage Splunk professionally in any enterprise or institution.
Return to navigation