The Power of Splunk Enterprise.
We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom …
Splunk Enterprise Security (ES)
Overview
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (100)9.393%
- Custom dashboards and workspaces (102)9.191%
- Incident indexing/searching (101)8.888%
- Deployment flexibility (101)8.383%
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
67 people also want pricing
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale. Ingest machine data from any source for full visibility to detect malicious threats in an environment. Investigate and correlate activities across multicloud and on-premises sources in one unified view to identify and remediate security incidents. Splunk Enterprise Security supports cloud, on-premises, and hybrid deployment models to meet the needs of the business. When deployed as a cloud-based SIEM, the vendor states Splunk Enterprise Security can deliver improved time to value, allowing teams to focus on higher value security tasks instead of managing infrastructure hardware and manual upgrades.
Splunk Enterprise Security (ES) Video
Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space, including Splunk Enterprise Security (ES).
Splunk Enterprise Security (ES) Competitors
Splunk Enterprise Security (ES) Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
IBM Security QRadar SIEM, LogRhythm NextGen SIEM Platform, and Securonix Next-Generation SIEM are common alternatives for Splunk Enterprise Security (ES).
Reviewers rate Centralized event and log data collection highest, with a score of 9.3.
The most common users of Splunk Enterprise Security (ES) are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(250)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Pros
- Cons
- Recommendations
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.
Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.
Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the miter coverage dashboard.
Users commonly recommend the following for Splunk Enterprise:
-
Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.
-
Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.
-
Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.
Attribute Ratings
- 8.9Likelihood to Renew
- 9.1Availability
- 8.2Performance
- 7.6Usability
- 6.6Support Rating
- 8.2Online Training
- 9.1In-Person Training
- 9.1Implementation Rating
- 7.3Configurability
- 9.3Product Scalability
- 6.4Ease of integration
- 8.2Vendor pre-sale
- 8.2Vendor post-sale
- 9.1Professional Services
- 7.3Contract Terms and Pricing Model
Reviews
(1-4 of 4)Companies can't remove reviews or game the system. Here's why
I'm a consultant in SIEM implementation for our customers. I implemented many ES installations in the last years for SIEMs and SOCs.
- Search and analyze cyber Security Threats
- cyber risk quantification of customer assents and identities
- manage notable events and security incidents
- investigate alerts from Splunk
- create always new security Use Cases
- reporting for board
- support company compliance functions in their activities
- we hard-worked to customize ES for multitenancy because this feature isn't present in ES
- Investigations aren't so easy to customize
- integration of ES with external Asset Management system isn't so easy to implement
- I should be very useful an integration with an external Vulnerability Management system (e.g. Tenable) to highlight dangerous areas and asset risk quantification
72.85714285714286%
7.3
- We're a Splunk Partner and we implemented many ES infrastructures for our customers
- We're too small and less structured 8especially in infrastructures) for use in our company
- Our customers are all satisfied by ES
I performed a migration from RSA SA and I found that ES is very easier to implement new Correlation Searches.
I'm a consultant in ES implementation
I'm A Splunk Architect and I followed a training dedicated to ES, I'll try to have also a certification in ES
- all SIEM features Implementation
- Threat intelligence
- Cyber Risk Quantification
- Support for Asset Inventory
- Support for Asset Inventory
- Cyber Risk Quantification
- Integration with our DSS platform for Cyber Risk Quantification (platform developed using Splunk Enterprise)
Yes
I worked to migrate a SOC infrastructure from RSA Security Analytics to Splunk ES for one of our customers
- Price
- Product Features
- Product Usability
The only limit of ES is prize: if a customer must use ES only for SIEM, it's an expensive solution, so I hint to reduce the cost of ES, especially when the customer dimension isn't so great: some customers changed their idea to use Splunk before too expensive and preferred to use Elastic Search.
ES feature and usability are winning points over all the other solutions, I think that only with a few reduction of ES price, there will not be any opportunity for other products.
ES feature and usability are winning points over all the other solutions, I think that only with a few reduction of ES price, there will not be any opportunity for other products.
I always hint to our customers Splunk ES as the best solution for SIEMs and SOCs, even if expensive, is the best solution for features and usability, especially when the use of the platform is extended alto to non security Use Cases (e.g. IT Operations, business insight, etc...).
- Third-party professional services
We are a third party professional services company and we perform consultancies in ES implemntation.
In addition, we used Splunk Profesisonal Services consultancy in one of our projects for the dimensions of the customers, because it needed a multi tenant installation (and ES isn't so) and for a final certification of the ES infrastructure developed.
In addition, we used Splunk Profesisonal Services consultancy in one of our projects for the dimensions of the customers, because it needed a multi tenant installation (and ES isn't so) and for a final certification of the ES infrastructure developed.
Yes
the project was the migration of the SOC infrastructure from RSA Security Analytics to Splunk ES, so it was divided into:
- architectural Design and infrastructure dimensioning,
- ES configuration and tuning (installation was done by the custem by itself),
- log ingestion configuration (check of the ingestion already done by the customer),
- correlation searches migration (all custom correlation searches),
- threat intelligence configuration (all custom sources),
- final check and certification.
Change management was a small part of the implementation and was well-handled
The only change management was related to the process of developing new correlation searches and dashboards for visibility for the SOC's customers.
- ES isn't multi tenant but we had to implement multi tenancy to manage the customers of that SOC maintaining separation between them
- Online training
At first put a very great attention to data sources because having clean data it's possible to have clean results, otherwise it isn't.
Then ES isn't a platform for improvisations: it need a knowledge of Splunk and a specific knowledge on ES itself.
I found some customer that tried to do all by itself, the result was only muck lost time.
Then ES isn't a platform for improvisations: it need a knowledge of Splunk and a specific knowledge on ES itself.
I found some customer that tried to do all by itself, the result was only muck lost time.
No - we have not done any customization to the interface
Some - we have added small pieces of custom code
We had to customeize the installation for a customer implementing multi tenancy. The customizations were mainly related to the data structure: each final customer had its own index, all datamodels were customized to use index and other fields for the final customers, in each datamodel index was a main grouping field, all correlation search was customized using index as grouping field, for threst intelligence, it was needed to modify one ot the Splunk Python script for index grouping.
Our project was a migration from RSA Security Analytics to Splunk ES, so we had to create one Correlation Search for each Use Case to have the same Use Cases of the precedent installation.
In addition, out customer had two Threat Intelligence sources (MISP and Crowdstrike) and we had to customize the information update process taking data from that sources.
In addition, out customer had two Threat Intelligence sources (MISP and Crowdstrike) and we had to customize the information update process taking data from that sources.
I worked with Splunk Professional Services only one time and I was very satisfied of them.
They are very expensive (probably too much and out of market) but I hada all the answers that me and the customer needed.
They are very expensive (probably too much and out of market) but I hada all the answers that me and the customer needed.
Yes
They always answerd in a quick time with the solution, or, at least a workaround to pass the situation.
In my last project, we opened a case for a problem that should be solved in a past release of Splunk, but it's still present.
The support gave us a workaround to immediately solve the problem waiting if in the next release it will be solved.
The support gave us a workaround to immediately solve the problem waiting if in the next release it will be solved.
- Threat Intelligence
- Correlation Searches
- I know that ES isn't Multi Tenant, but it's very difficoult to configure and use it on many customers
- Investigations could be more easy to use
Yes, but I don't use it
- our DSS platform
Our DSS platform is developed in Splunk Enterprise environment so integration was very easy!
- Vulnerability Management
- Asset Management
- Anti Fraud Management System
Most of them have a Splunk App or Add-On, so I think that it will be very easy to do this.
- File import/export
- Single Signon
- API (e.g. SOAP or REST)
We usualy use file import/export for integration and, when available, APIs to extract data from external systems (e.g. Cyber Quant or Tenable Security Center).
The Splunk Enterprise smart integration featutes is the reason why we choosed this environment to develop out DSS solution that integrates information from many external systema.
The Splunk Enterprise smart integration featutes is the reason why we choosed this environment to develop out DSS solution that integrates information from many external systema.
As I said many timkes in this review, I'd like to have some feature for integration of external systems as Asset Management, Vulnerability Management and so on, but also in multi tenancy mode.
In other words, I'd like to have the possibility to integrate many different asset managent sources from different final customers.
In other words, I'd like to have the possibility to integrate many different asset managent sources from different final customers.
In our experience there are many negotiations with Splunk:
usually they are ready and available to find the best approach for the customer.
I experienced only one negative situation: when a big price redution is needed to take the customer, Splunk sales need approvation from their management that sometimes isn't so flexible to understand the situation.
usually they are ready and available to find the best approach for the customer.
I experienced only one negative situation: when a big price redution is needed to take the customer, Splunk sales need approvation from their management that sometimes isn't so flexible to understand the situation.
As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
Yes
I didn't experienced big problems in the upgrading process, even if the ES packages start to be large and heavy.
If it's possible to divide in separated packages the full installation package, probably the upgrade process could be easier.
I say this because I experienced an installation and an upgrade of ES in a customer with a slow connection and usually the process was aborted for timeout, so I needed to upload the package using SSH and instaling it via CLI, to avoid installation timeouts.
If it's possible to divide in separated packages the full installation package, probably the upgrade process could be easier.
I say this because I experienced an installation and an upgrade of ES in a customer with a slow connection and usually the process was aborted for timeout, so I needed to upload the package using SSH and instaling it via CLI, to avoid installation timeouts.
- bug solving
- new Correlation searches available
- multi tenancy (but I know that there isn't!)
No
No
April 25, 2022
Secured network is impressive.
Because of its versatility, Splunk Enterprise Security has been quite popular in the industry. It may be combined with a variety of different third-party products to create a very comprehensive architecture that allows an organization to have complete visibility. It has the ability to monitor and correlate events in real-time for all network devices and systems.
- Customizable reports and graphs are available.
- Immediate retaliation in the event of an attempted attack.
- Speedy and dependable.
- Integration with various third-party tools has been improved.
- The paperwork is a little shabby and might be better.
81.42857142857142%
8.1
- Threat attempts can be detected and mitigated.
- Security is interconnected with other management solutions.
No
- Price
- Product Features
- Product Usability
Yes, the steps in learning curve.
Yes, as per our need, this was needed.
No
April 23, 2022
Incredible enterprise security.
Spunk business security has aided us in a variety of ways and will continue to do so with its many capabilities. To begin with, it aids us in classifying the various activities in our networks; it also has the capacity to identify risks, do correct diagnostics, and respond accordingly. It gives us a better understanding of our network, allowing us to conduct a complete analysis. Its ability to interact with a variety of platforms sets it apart from other products in its area.
- The network's potential dangers are identified.
- Application programs can be integrated.
- We can keep track of our application's logs in a systematic way.
- The product's price can be decreased.
- Can have a more capable and responsive customer service workforce.
81.42857142857142%
8.1
- Splunk's simplicity of use for in-house workers is very important to the company.
- Splunk ES's flexibility allows the organization to better utilize its existing security investments.
No
- Price
- Product Features
- Product Usability
The steps in learning the algorithm in the application.
Yes, as per our need we needed the full version.
No
February 19, 2022
Leveraging Splunk ES and the Splunk ecosystem to make quick progress in a nascent SOC environment
We utilize Splunk Enterprise Security to collect our logging into a centralized platform then, off the back of the logs that have been ingested into Splunk, design and implement the relevant alerting via appropriate Splunk SPL syntax that is required for our teams, auditors, merchants, etc. By ensuring our alerts trigger notable events on the Incident Review page, Splunk ES has helped us and our analysts have a single pane of view where they can easily investigate and triage possible security incidents. The customisability of the SPL syntax makes creating new use cases very simple and gives us more flexibility compared to competing for open source solutions such as Elasticsearch. Furthermore, our leverage of the hosted Splunk Cloud service enables us to avoid the burden of having to manage the Splunk architecture and infrastructure itself which doesn't bring any real value to our users whereas having that extra freed up time focusing on the actual content and use cases means we can easily and quickly deliver new alerting as required. Additionally, the fantastic Splunk community is a valuable resource to obtain solutions from other advanced Splunk users plus multiple Splunk apps and integrations with different products and vendors are great
- Centralise alerting
- Ingest logs from many different tools, vendors and system
- Enable easy and quick creation of new alerting
- Integrate identity components into each alert so you can reconcile different IP addresses, usernames, email conventions for your corporate staff
- Easy and intuitive case management inbuilt
- Lots of relevant dashboards and alerting out of the box
- Tons of integrations and apps for different vendors
- Performance can sometimes be a letdown depending on implementation
- The whole log ingestion pipeline is quite complex to understand
- There is sometimes a need to disable inbuilt alerting for non-relevant systems e.g. if you don't use a particular OS in your estate to improve performance
- Infrastructure and architecture is complex to maintain if not using hosted Splunk Cloud
- License can be expensive even for modest amounts of data ingested
72.14285714285714%
7.2
- Enables a single pane of glass for our SOC
- Reduces triage times
- Enables quick deployment of new use cases
- Speeds up log normalisation and ingestion of new data feeds
- Lowers alert fatigue with customisable suppression rules
Exabeam is Elasticsearch based which has major limitations compared to Splunk's SPL language. Furthermore, in my previous company, we were using Exabeam and there were a lot of false-positive detections caused by the machine learning algorithms, Bayesian inference, and other risk-based alerting Exabeam employed, which unfortunately were not too customizable in the way they worked. Splunk's rule-based approach is less prone to false positives if you invest the appropriate time to tweak the syntax and eliminate major false-positive sources. Furthermore, Exabeam being a product that was new to the market and relatively WIP was much less stable and more prone to random crashes caused by malfunctioning software components. These outages also led to secondary problems with data that could not be accepted by Exabeam having to be temporarily backed up and retained on the Syslog forwarders feeding Exabeam. Splunk so far has been very stable.
No
- Product Features
- Prior Experience with the Product
I've worked with Splunk before at previous companies and was aware of its strong ecosystem with regards to the Splunk community, the powerful SPL syntax language and the wide variety of mature integrations with third party vendors and products.
Elasticsearch doesn't yet have the same maturity of their ecosystem or the feature stability offered by Splunk despite the prices of Elasticsearch based solutions most times being lower than the similar data ingestion Splunk price.
Elasticsearch doesn't yet have the same maturity of their ecosystem or the feature stability offered by Splunk despite the prices of Elasticsearch based solutions most times being lower than the similar data ingestion Splunk price.
We would make the process a bit more comprehensive with regards to evaluation of feature parity between the functionality that Splunk's SPL syntax language offers compared with Elasticsearch's language so that we can evidence why Splunk's slightly higher price is justified by the long term time savings obtained by being able to use the inbuilt features in SPL.
Also, we would evaluate the difference between Splunk Cloud and other vendor hosted solutions against the alternative of having a solution hosted in our own cloud tenant and have this be managed by ourselves rather than fully managed by the vendor.
Also, we would evaluate the difference between Splunk Cloud and other vendor hosted solutions against the alternative of having a solution hosted in our own cloud tenant and have this be managed by ourselves rather than fully managed by the vendor.