Splunk Enterprise Security (ES)
Overview
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (ES) is the company's flagship SIEM product, offered as a premium add-on to subscribers of Splunk Cloud or Splunk Enterprise.
TrustRadius Insights
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a bird's-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that gives security analysts a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.
- 9.3 Centralized event and log data collection (100 ratings): Effectiveness of real-time centralized event and log data collection
- 8.8 Correlation (99 ratings): Correlation of logs and events to pinpoint significant threats
- 8.5 Event and log normalization/management (100 ratings): Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.3 Deployment flexibility (101 ratings): Ability to tune the system to maximize threat detection and minimize false positives
- 8 Integration with Identity and Access Management Tools (96 ratings): Integration with access control tools like Active Directory and LDAP
- 9 Custom dashboards and workspaces (102 ratings): Dashboards that can be customized to meet the needs of specific groups
- 8.3 Host and network-based intrusion detection (96 ratings): Ability to detect both endpoint intrusions and network ingress
- 8.4 Data integration/API management (98 ratings): Ease and quality of data integrations between the SIEM and other systems
- 7.9 Behavioral analytics and baselining (95 ratings): How effectively activity and behavior baselines are established and maintained
- 8.7 Rules-based and algorithmic detection thresholds (96 ratings): Effectiveness of manually established rules and algorithmically determined detection thresholds
- 7.5 Response orchestration and automation (87 ratings): Quality of built-in response orchestration and automation in a next-gen SIEM
- 9.1 Reporting and compliance management (95 ratings): Ease and quality of reporting and compliance functions
- 8.7 Incident indexing/searching (101 ratings): Effectiveness of searching across structured and unstructured events and incidents within the SIEM
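The three capabilities that the feature list treats as the core of a SIEM (normalizing event syntax, correlating events from different sources, and applying rules-based thresholds), plus the risk-based alerting that several reviewers below credit with reducing alert volume, are easiest to see in a small end-to-end pipeline. The following Python is an added illustration written for this page; it is not Splunk code, does not use any Splunk API or SPL, and the field names, thresholds, risk scores and MITRE ATT&CK technique IDs used as annotations are assumptions chosen for the example. The sshd and firewall log lines are constructed sample input.

```python
"""Toy SIEM pipeline: normalize two log formats into one schema, run two
correlation rules over the result, then aggregate rule hits per user into a
risk score before anything becomes a notable.

Added illustration only: not Splunk code and not a Splunk API. Field names
(user, src, dest, action), thresholds, scores and the technique IDs attached
as annotations are assumptions. The log lines below are constructed input.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: an sshd auth log and a key=value firewall log.
SSHD_LINES = [
    "2024-05-01T10:00:01Z host1 sshd[411]: Failed password for alice from 203.0.113.7 port 5100 ssh2",
    "2024-05-01T10:00:05Z host1 sshd[412]: Failed password for alice from 203.0.113.7 port 5101 ssh2",
    "2024-05-01T10:00:09Z host1 sshd[413]: Failed password for alice from 203.0.113.7 port 5102 ssh2",
    "2024-05-01T10:00:13Z host1 sshd[414]: Failed password for alice from 203.0.113.7 port 5103 ssh2",
    "2024-05-01T10:00:20Z host1 sshd[415]: Accepted password for alice from 203.0.113.7 port 5104 ssh2",
    "2024-05-01T10:01:00Z host2 sshd[901]: Failed password for bob from 198.51.100.3 port 6000 ssh2",
]
FW_LINES = [
    "2024-05-01T10:06:10Z fw01 action=deny src=10.0.0.5 dst=198.51.100.9 dport=4444 user=alice",
    "2024-05-01T10:07:00Z fw01 action=allow src=10.0.0.8 dst=93.184.216.34 dport=443 user=bob",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kv>(?:\w+=\S+ ?)+)$")


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line):
    """Map one raw line onto the common schema; None if the format is unknown."""
    m = SSHD_RE.match(line)
    if m:
        return {"_time": parse_ts(m["ts"]), "source": "sshd", "user": m["user"],
                "src": m["src"], "dest": m["host"],
                "action": "failure" if m["result"] == "Failed" else "success"}
    m = FW_RE.match(line)
    if m:
        kv = dict(pair.split("=", 1) for pair in m["kv"].split())
        return {"_time": parse_ts(m["ts"]), "source": "firewall", "user": kv.get("user"),
                "src": kv.get("src"), "dest": kv.get("dst"), "action": kv.get("action"),
                "dest_port": int(kv.get("dport", 0))}
    return None


def rule_bruteforce_then_success(events, window=timedelta(minutes=5), min_failures=3):
    """Risk event when a (user, src) pair logs in after >= min_failures recent failures."""
    hits, failures = [], defaultdict(list)
    for e in sorted((e for e in events if e["source"] == "sshd"), key=lambda e: e["_time"]):
        key = (e["user"], e["src"])
        if e["action"] == "failure":
            failures[key].append(e["_time"])
        elif len([t for t in failures[key] if e["_time"] - t <= window]) >= min_failures:
            hits.append({"rule": "bruteforce_then_success", "risk_object": e["user"],
                         "score": 60, "technique": "T1110"})  # assumed score and annotation
    return hits


def rule_denied_c2_port(events, suspicious_ports=frozenset({4444})):
    """Risk event for a denied outbound connection to an assumed C2 port."""
    return [{"rule": "denied_c2_port", "risk_object": e["user"], "score": 50, "technique": "T1571"}
            for e in events
            if e["source"] == "firewall" and e["action"] == "deny"
            and e.get("dest_port") in suspicious_ports and e.get("user")]


def risk_notables(risk_events, score_threshold=100, min_rules=2):
    """Aggregate per risk object; alert only when score or rule diversity crosses a threshold."""
    by_obj = defaultdict(lambda: {"score": 0, "rules": set(), "techniques": set()})
    for r in risk_events:
        agg = by_obj[r["risk_object"]]
        agg["score"] += r["score"]
        agg["rules"].add(r["rule"])
        agg["techniques"].add(r["technique"])
    return {obj: agg for obj, agg in by_obj.items()
            if agg["score"] >= score_threshold or len(agg["rules"]) >= min_rules}


def run_pipeline(lines):
    events = [e for e in map(normalize, lines) if e]
    risk_events = rule_bruteforce_then_success(events) + rule_denied_c2_port(events)
    return events, risk_events, risk_notables(risk_events)


if __name__ == "__main__":
    _, risk_events, notables = run_pipeline(SSHD_LINES + FW_LINES)
    print(len(risk_events), "risk events ->", len(notables), "notable(s):", dict(notables))
```

The point of the last stage is the one reviewers make about alert reduction: neither rule fires an alert on its own. Each hit only adds score and an annotation to the user it concerns, and a notable is raised only when the accumulated score or the number of distinct rules crosses a threshold, so a single noisy rule cannot flood the incident queue. Bob's lone failed login and allowed HTTPS connection produce nothing.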
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (ES) Video
Splunk Enterprise Security (ES) Competitors
Splunk Enterprise Security (ES) Technical Details
- Operating Systems: Unspecified
- Mobile Application: No
Reviews and Ratings (253)
Community Insights
Pros
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
Cons
User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.
Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support, which is not always on point. There is a need for optimization when it comes to handling multiple data sources.
Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be of little value and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Users also want a more polished version of the MITRE ATT&CK coverage dashboard.
Users commonly recommend the following for Splunk Enterprise:
- Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.
- Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.
- Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.
Attribute Ratings
- Likelihood to Renew: 8.8 (3 ratings)
- Availability: 9.1 (1 rating)
- Performance: 8.2 (1 rating)
- Usability: 7.6 (2 ratings)
- Support Rating: 6.6 (6 ratings)
- Online Training: 8.2 (1 rating)
- In-Person Training: 9.1 (1 rating)
- Implementation Rating: 9.1 (1 rating)
- Configurability: 7.3 (1 rating)
- Product Scalability: 9.3 (100 ratings)
- Ease of integration: 6.4 (1 rating)
- Vendor pre-sale: 8.2 (1 rating)
- Vendor post-sale: 8.2 (1 rating)
- Professional Services: 9.1 (1 rating)
- Contract Terms and Pricing Model: 7.3 (1 rating)
Reviews (1-25 of 103)
The Power of Splunk Enterprise.
- Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
- Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
- Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
- Dashboard Builder: It needs more out-of-the-box panels for beginners to learn.
- Autofill: The query autofill isn't that great. It needs better suggestions for beginners especially.
- Speed: The speed of the search isn't that great. It can be improved. For some queries, it takes too long.
- Error handler: The error messages in the case of wrong syntax can be more descriptive. The messages are sometimes vague and are not helpful.
Splunk Enterprise Security: My Review
- It gives visuals to the client when we select a graphical portrayal, enabling us to change signs into visual outlines, for example, pie outlines, diagrams, tables, and so on.
- Dashboard UI is intuitive and exceptionally educational, so one can easily find whatever they are looking for.
- Sometimes, it's very, very slow! It also takes a long time to refresh.
- UI for pattern searching can be a little better.
Highly Recommended!
- Advanced Threat Detection and Correlation: ES stands out in its ability to detect sophisticated threats by correlating data from multiple sources. For instance, it can identify unusual patterns in user behavior, cross-referencing with network logs to flag potential insider threats.
- Real-time Monitoring and Alerting: ES offers robust real-time monitoring capabilities. It excels in promptly alerting us to critical security events, such as suspicious network traffic spikes or unauthorized access attempts, allowing for immediate response.
- Comprehensive Log Analysis: ES ingests and analyzes an extensive range of log data. It's particularly adept at parsing and making sense of complex log formats, making it a versatile tool for understanding system activities and security events.
- Improved User Interface Customization: While the interface is generally intuitive, providing more options for users to customize their dashboards and views would enhance the overall user experience. Tailoring the interface to specific roles or use cases could be a valuable addition.
- Simplified Alert Management: Streamlining the process of managing alerts, such as grouping or categorizing them based on severity or type, would make it easier for security teams to prioritize and respond to incidents effectively.
- Expanded Threat Intelligence Feeds: Increasing the variety and sources of threat intelligence feeds available within ES would provide a broader context for identifying and mitigating emerging threats, ensuring a more comprehensive defense against evolving attack vectors.
Splunk ES Review
- Develop dashboards and notables to track security-relevant details
- Data correlation
- threat monitoring and detection
- more efficient searches
- Multiple ways of creating report and alert is confusing
Splunk ES, a great tool to use with some caveats!
- Monitoring log activity for potential security problems
- The interface for investigations is pretty easy to use
- Enjoy the high level detail the product gives for alerting
- Nice playground for keeping track of investigations
- Easy to create new notables to track further items.
- Crazy awful latency when loading
- Sometimes the events tab won't show any logs
- Difficult to follow certain parts of investigations, but this is being addressed with Mission Control. (I'm talking about the original interface)
excellent platform for the collection and management of logs from multiple sources
- Customization of dashboards
- Creating apps based on your needs.
- Search queries can be saved for future or even can be converted to apps
- high cost
- slow interface
Splunk ES Review
- Breakdown event logs into easy-to-search fields
- Provide relevant trends and metrics for events
- Develop dashboards and notables to track security-relevant details
- Ease-of-use for new users
- Better options to export events/notables
- More streamlined UI
Secure with Splunk Enterprise Security (ES)
- Threat detection
- Security
- Vulnerability
- Use case
- Pre defined Data models
- End point frame works
- Data loss protection use cases and framework
a good tool for threat hunting and response
- Incident review shows all the risk cases so that we can review them conveniently
- Security posture combines very useful information and does analysis and trending overall
- Security intelligence gives a score to judge which is a true risk
- Maybe join searches
- More dependent on logs; if logs are not received in time
- Needs professional training to use
Splunk Enterprise Security is a must!
- Data detail
- Timeline
- Charts and data presentation
- Data correlation
- Third party app support
- Simplify management
- More automation
Splunk ES Alert Reduction
- Risk based alerting
- Single pane of glass
- Easy to use UI
- Sometimes runs slowly
- Some incident review panels have never worked in our environment
- More dashboards
- Notable event detection
- search correlation
- threat monitoring and detection
- more efficient searches
- less app dependencies
- app/TA consolidation
Best siem on the market
- It supports a flexible architecture and great ease of scaling.
- It provides us with a wide variety of complementary applications related to use cases such as Security Essentials and Stream.
- The entire architecture can be implemented on physical or virtual machines, as well as in the cloud.
- It also provides us with SaaS solutions or ones hosted by the client.
- It natively supports MSP- and MSSP-type solutions.
- Wide range of native analysis that is used to generate a very robust SIEM solution.
- It has several modules such as Splunk ES, Splunk UBA, and Splunk Phantom which work perfectly.
- One disadvantage of Splunk is that it is intended to be deployed in large organizations, offering a robust platform for detecting and responding to existing threats. Although it is preferably prepared to provide solutions to large companies, it can also be implemented within smaller organizations, adapting its content to the environment where it is implemented.
Automated Reporting and monitoring tool
- Error alert
- Monitoring
- Reporting
- Dashboard
- More clear menus
- Multiple ways of creating report and alert is confusing
- Include more help documents
1. Creating real-time alerts to monitor login issues by customers.
2. Scheduled Reports - save a lot of time where the routine manual report generation task is automated
- Security incident investigation.
- Insider threat detection.
- Reporting and metrics.
- Learning curve - requires subject matter expertise and Splunk administration knowledge.
- Automated response limitations - requires SOAR to unlock its full potential.
- Classifying accounts according to privileges allows for better control.
- Malware detection.
- Account monitoring requires advanced knowledge and also prior configuration.
- Dashboard customization can improve them.
- Security monitoring
- Threat response and investigation
- security metrics
- user behavior analytics
- more dashboards
- content aggregation
Splunk ES help you aggregate to achieve visibility and leverage security intelligence across the organization
- Incident Review and Classification
- Risk-Based Analysis
- Endpoint Protection
- Palo Alto logs integration
- Bluecoat logs integration
- Risk Analysis Dashboard.
- Perfect for identifying security risks and targets in internal systems.
- Process automation with intelligence to detect and combat threats.
- Easy to use and configure interface.
- Requires advanced learning to know all the features and configure in the best possible way.
Aligning on Splunk means a cheaper and far more flexible security monitoring solution.
- Very customisable.
- With a little knowledge you can do elaborate searches.
- Continuous security monitoring.
- The product is pricey.
- Learning curve is steep.
- Search and analyze cyber Security Threats
- cyber risk quantification of customer assets and identities
- manage notable events and security incidents
- investigate alerts from Splunk
- create always new security Use Cases
- reporting for board
- support company compliance functions in their activities
- we worked hard to customize ES for multitenancy because this feature isn't present in ES
- Investigations aren't so easy to customize
- integration of ES with an external Asset Management system isn't so easy to implement
- an integration with an external Vulnerability Management system (e.g. Tenable) would be very useful to highlight dangerous areas and asset risk quantification
One SIEM to rule them all
Splunk gives us:
- Advanced dashboarding and alerting options.
- Real-time security investigations.
- Anomaly detection.
- With MLTK and SPL, we are implementing some advanced use cases which include statistics and ML.
- With lookups and data models, we created many custom models to run our Threat Intel schemas and Threat hunting processes.
- Security investigation.
- Threat hunting and threat intel processes.
- Search efficiency with data models.
- Creating investigation workflows.
- Splunk Enterprise Security and UEBA could be one platform.
- Real-time searches could be improved (more real-time searches should be added, etc.).
- Configuration and management is hard for newbies.
- If you don't have enough employees, I recommend using MSSP or maybe other SIEM with Splunk core. It can be hard to catch and replace your current SIEM.
Well Suited scenario:
- Machine learning and statistics. We developed many use cases for anomaly detection, and with Splunk we implemented them and applied them to real-time data!
Top class security alerting with excellent outbreak handling and precise vulnerability analysis.
- Detailed security and threat reports available.
- Root cause of a bug could be easily identified.
- Excellent and precise penetration testing.
- Lacks Real-time dashboards and live threat monitoring.
- Advanced monitoring features are a bit expensive.
- Suitable only for users with advanced networking knowledge.
- I perform risk correlation searches several times a day. Splunk adds annotations to enrich correlation search results.
- Greatly reduces alert volumes.
- Demands incorporation of several risk factors to identify unauthorized usage which is quite complex and time-consuming.
- In depth log analysis.
- Customisable and user-friendly threat dashboard.
- Detailed research module integration.
- Dashboard lacks live monitoring features.
- Not suitable for amateurs in networking.
- Enterprise features are less budget friendly.