Skip to main content
TrustRadius
Splunk Enterprise Security (ES)

Splunk Enterprise Security (ES)

Overview

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Read more
Recent Reviews

TrustRadius Insights

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick …
Continue reading

Highly Recommended!

7 out of 10
September 12, 2023
Incentivized
Splunk Enterprise Security (ES) is integral to our cybersecurity strategy. It swiftly detects and responds to threats, addressing …
Continue reading

Splunk ES Review

9 out of 10
September 06, 2023
Incentivized
We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 13 features
  • Centralized event and log data collection (100)
    9.3
    93%
  • Custom dashboards and workspaces (102)
    9.1
    91%
  • Incident indexing/searching (101)
    8.8
    88%
  • Deployment flexibility (101)
    8.3
    83%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

67 people also want pricing

Alternatives Pricing

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.5
Avg 7.8
Return to navigation

Product Details

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale. Ingest machine data from any source for full visibility to detect malicious threats in an environment. Investigate and correlate activities across multicloud and on-premises sources in one unified view to identify and remediate security incidents. Splunk Enterprise Security supports cloud, on-premises, and hybrid deployment models to meet the needs of the business. When deployed as a cloud-based SIEM, the vendor states Splunk Enterprise Security can deliver improved time to value, allowing teams to focus on higher value security tasks instead of managing infrastructure hardware and manual upgrades.

Splunk Enterprise Security (ES) Video

Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space, including Splunk Enterprise Security (ES).

Splunk Enterprise Security (ES) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

IBM Security QRadar SIEM, LogRhythm NextGen SIEM Platform, and Securonix Next-Generation SIEM are common alternatives for Splunk Enterprise Security (ES).

Reviewers rate Centralized event and log data collection highest, with a score of 9.3.

The most common users of Splunk Enterprise Security (ES) are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(249)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.

Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.

Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.

User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.

Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.

Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the miter coverage dashboard.

Users commonly recommend the following for Splunk Enterprise:

  1. Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.

  2. Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.

  3. Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.

Attribute Ratings

Reviews

(1-25 of 103)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
Incentivized
  • There are fewer licenses on other tools as the logs are forwarded to Splunk. That saves money.
  • Instead of hiring experts in different tools, hiring engineers with Splunk experience did the job quite handsomely.
  • It helps create reports on performance. This saved money on other report tools like Tableau.
September 12, 2023

Highly Recommended!

Score 7 out of 10
Vetted Review
Verified User
Incentivized
  • Swift Incident Response: ES's real-time monitoring and correlation capabilities have notably reduced our mean time to detect (MTTD) and respond (MTTR) to security incidents.
  • Cost Efficiency: ES streamlined operations, lowering operational costs through task automation and effective resource allocation.
  • Compliance Simplification: ES's robust reporting and compliance features have eased audits, reducing related costs and efforts.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
  • Far better security monitoring compared to our previous choice of product.
  • Though learning curve is steep, the rewards are excellent: customisation and endless querying SPL variations for anomalies.
  • Splunk is pricey but even then cheaper than our previous SOC/SIEM solution.
Giuseppe Cusello | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
ResellerIncentivized
  • We're a Splunk Partner and we implemented many ES infrastructures for our customers
  • We're too small and less structured 8especially in infrastructures) for use in our company
  • Our customers are all satisfied by ES
Ramu S R | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
  • Saved considerable amount of budget after removing traditional log analyzers.
  • Could guarantee Improved security for hosted applications.
  • More control over confidential data in our environment.
Return to navigation