The Power of Splunk Enterprise.
We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom …
Splunk Enterprise Security (ES)
Overview
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (100)9.393%
- Custom dashboards and workspaces (102)9.191%
- Incident indexing/searching (101)8.888%
- Deployment flexibility (101)8.383%
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
67 people also want pricing
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale. Ingest machine data from any source for full visibility to detect malicious threats in an environment. Investigate and correlate activities across multicloud and on-premises sources in one unified view to identify and remediate security incidents. Splunk Enterprise Security supports cloud, on-premises, and hybrid deployment models to meet the needs of the business. When deployed as a cloud-based SIEM, the vendor states Splunk Enterprise Security can deliver improved time to value, allowing teams to focus on higher value security tasks instead of managing infrastructure hardware and manual upgrades.
Splunk Enterprise Security (ES) Video
Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space, including Splunk Enterprise Security (ES).
Splunk Enterprise Security (ES) Competitors
Splunk Enterprise Security (ES) Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
IBM Security QRadar SIEM, LogRhythm NextGen SIEM Platform, and Securonix Next-Generation SIEM are common alternatives for Splunk Enterprise Security (ES).
Reviewers rate Centralized event and log data collection highest, with a score of 9.3.
The most common users of Splunk Enterprise Security (ES) are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(250)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Pros
- Cons
- Recommendations
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.
Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.
Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the miter coverage dashboard.
Users commonly recommend the following for Splunk Enterprise:
-
Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.
-
Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.
-
Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.
Attribute Ratings
- 8.9Likelihood to Renew
- 9.1Availability
- 8.2Performance
- 7.6Usability
- 6.6Support Rating
- 8.2Online Training
- 9.1In-Person Training
- 9.1Implementation Rating
- 7.3Configurability
- 9.3Product Scalability
- 6.4Ease of integration
- 8.2Vendor pre-sale
- 8.2Vendor post-sale
- 9.1Professional Services
- 7.3Contract Terms and Pricing Model
Reviews
(1-25 of 103)Companies can't remove reviews or game the system. Here's why
March 25, 2024
The Power of Splunk Enterprise.
We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom Correlation alerts to paint the bigger picture effectively. Create Sophisticated Dashboards and reports using multiple data sources for better and non-redundant visualization. Create some basic automation like CSV updates. Perform Threat Hunting to discover unknown threats. Manage Incidents in one place and track Analyst Performance.
October 24, 2023
Splunk Enterprise Security: My Review
It's easy to build queries & integrate with other systems and applications. There are a lot of add ons you can integrate to Splunk that can save you a lot of time. Correlation and investigation are easy due to Splunk's effective data parsing capability. There are endless options to customize searching. It provides a very accurate Data Analytics platform that can be adopted by users of all levels. E.x. From tools like Data Tables for Novices to Splunk's Web Framework for Experts.
September 12, 2023
Highly Recommended!
Splunk Enterprise Security (ES) is integral to our cybersecurity strategy. It swiftly detects and responds to threats, addressing compliance and incident response challenges. ES aggregates data from diverse sources, offering real-time monitoring and correlation. This agility minimizes security incident impact.
ES aids compliance management by providing detailed logs and reports, streamlining audits. Our use case spans the organization, integrating various data sources for a comprehensive security view. It also incorporates threat intelligence, bolstering proactive threat identification.
In summary, Splunk ES is a vital component, ensuring swift incident response and maintaining compliance with industry standards. Its scalability and adaptability make it a cornerstone of our security operations.
September 12, 2023
Splunk ES Review
I was evaluating Splunk for a potential client. Splunk is a great tool for anyone that needs a SIEM to monitor data, networks, users, etc. The customization of the Dashboard is ideal for anyone to setup and use for an easy display of information. The alerts are incredibly helpful for notification of any problems
September 12, 2023
Splunk ES, a great tool to use with some caveats!
I use the product to help monitor, analyze and potentially mitigate certain security issues that may come up. This includes acting as a secondary for escalations and looking at some alerts.
September 11, 2023
excellent platform for the collection and management of logs from multiple sources
splunk ES is a very useful and powerful tool as a SIEM platform, we send logs from multiple sources such as winodws servers, linux, RH, Firewalls, WAF, O365, etc, the installation process of UF is not complicated, the deployment of the information is fast and the language for the visualization of tables or graphs can be a little complicated but there are guides and KB to support these tasks.
September 06, 2023
Splunk ES Review
We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's security and security hygiene. Splunk ES is a service we offer to our clients as an MSSP and SOC-as-a-service, giving potential customers another great option to use for their own organization.
September 06, 2023
Secure with Splunk Enterprise Security (ES)
I work for big organization and large infrastructure .Splunk Enterprise Security (ES) helps alot in security prospective and to chase threats and vulnerability detection, critical traffic detection firewall device Based on the risk score we can get incident notification and we can evaluate based on suggestions .SOC analyst best siem tool and good progress
August 31, 2023
a good tool for threat hunting and response
we use ES to analyse the risk of the organization and do actions to mitigate them to enhance our security Level in the environment faced variety of attacks from the world wide. we take much affort to imporve our rules to reduce the false positive and flase negative
July 24, 2023
Splunk Enterprise Security is a must!
I am a security analyst and so I use it on a day to day basis to triage and troubleshoot alerts and security incidents in my organization. We have several dozen data sources going to our Splunk environment and then we build correlation alerts for them
July 21, 2023
Splunk ES Alert Reduction
Our analysts use ES to gain a broad perspective on all the security events coming in from our customer devices. We have multiple internal customers with different environments, so it’s useful having a central place in each SIEM to find events. ES is vital to our business as it allows us to use risk based alerting, which decreases the amount of alerts our analysts have to review each day. We’re able to easily tune these rules to filter out false positives and noisy notables to ensure our analysts have an easy time identifying real threats in a timely manner.
Use it as the SIEM - data monitoring, threat detection and remediation.
June 05, 2023
Best siem on the market
The module performs data analysis within our Data Indexers. Everything related to the administration of the elements of operation, including alarms, the administration of our cases, the workflow, the automated responses, and the administration of the platform is carried out by the administrators of this platform. There is a module for interaction with the platform that we have installed in stand-alone mode and in multiple instances. We can also find the Cloud which is a complementary solution provided through a cloud service that provides UEBA capabilities.
May 30, 2023
Automated Reporting and monitoring tool
We use it for reporting error conditions. For example, whenever there is failed authentication beyond an acceptable rate, then we create alerts to the production support team to look into the actual issue before even the customer complains about it.
Our scope is actually quite large as my team is responsible for the protection of tens of thousands of devices. This is accomplished with the use of Enterprise Security, which we have used for the past several years to great effect. Enterprise Security enables us to detect and respond to threats in real time, monitor our environment's overall security compliance, and provide timely and insightful reports and metrics to management.
This software notifies the advances in the possible anomalies in the systems or in the applications with a search capacity system, which provides us with a more general vision of the risks that our systems may have. It is also widely used to always have a security tool working to completely fix and eliminate threats to our IT infrastructure with malware detection, suspicious activity, suspicious activity isolation with account classification feature based on privilege.
Score 10 out of 10
Vetted Review
Verified User
Splunk Enterprise Security Provides great and advanced threat detection and rapid response. Has a wide variety of features to transform security operations such as user behavior analytics and comprehensive dashboards. Is very easy to deploy and customize to your business needs using the walk through demo or tour experience to get the best of this Product.
November 08, 2022
Splunk ES help you aggregate to achieve visibility and leverage security intelligence across the organization
We are using Splunk ES to identify possible security risks and advice together with other legacy security tools. Splunk ES is helping us to correlate different logs in a single interface.
Score 10 out of 10
Vetted Review
Verified User
Splunk Intelligence Management has enhanced our company's security threat detection and mitigation security management using predictive analytics built on our risk analysis. It is a great ally of the firewall, intrusion, spam and e-mail protection system. In these two years of use we identified many vulnerable targets in our network and fixed the problem. We were able to automate security processes that are repetitive so that they happen automatically and generating logs for later consultation. The system is quite robust, comprehensive and allows creating many features to protect the network from threats.
August 02, 2022
Aligning on Splunk means a cheaper and far more flexible security monitoring solution.
We use Splunk Enterprise Security since a couple of years for our Security monitoring solution. We needed another supplier as the previous one was too big for our needs and Splunk offered us a way to fit our requirement and a little bit more. We started with a few use-cases but since then have expanded into a complete monitoring solution.
I'm a consultant in SIEM implementation for our customers. I implemented many ES installations in the last years for SIEMs and SOCs.
July 20, 2022
One SIEM to rule them all
Using Splunk Enterprise Security is just amazing. Splunk Enterprise Security is like no other SIEMs solutions.
Splunk gives us:
- Advanced dashboarding and alerting options.
- Real-time security investigations.
- Anomaly detection.
- With MLTK and SPL, we are implementing some advanced use cases which are included statistics and ML.
- With lookups and data models, we created many custom models to run our Threat Intel schemas and Threat hunting processes.
Splunk gives us:
- Advanced dashboarding and alerting options.
- Real-time security investigations.
- Anomaly detection.
- With MLTK and SPL, we are implementing some advanced use cases which are included statistics and ML.
- With lookups and data models, we created many custom models to run our Threat Intel schemas and Threat hunting processes.
July 19, 2022
Top class security alerting with excellent outbreak handling and precise vulnerability analysis.
Splunk Enterprise Security resolved many of our enterprise logging issues with accurate historic security logs with advanced threat analysis. We could identify most of the vulnerabilities easily this software. It was hard to manage earlier with our traditional hardware firewalls for log analysis and threat detections. We could also do the threat reporting easily with Splunk Enterprise Security.
We use Splunk Enterprise Security tools as our first line of defense in combating threats on our multicolored on-premises deployments. Splunk provides advanced threat intelligence that utilizes an efficient model to immensely cut down on false alerts. Splunk Enterprise Security delivers an efficient data exfiltration model to identify suspicious activity and isolate threats and user behaviors.
We have been using Splunk ES for log analysis and monitoring effectively for the last couple of years. Updated threats could be easily identified and we could take the necessary remedial measures. The machine learning toolkit has a lot of functionality. We could easily manage the overload of traditional logging in firewalls and monitor threats more effectively with Splunk.