Splunk Enterprise Security (ES)
Overview
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
TrustRadius Insights
Splunk Enterprise Security: My Review
Highly Recommended!
Splunk ES Review
Splunk ES, a great tool to use with some caveats!
excellent platform for the collection and management of logs from multiple sources
Splunk ES Review
Secure with Splunk Enterprise Security (ES)
a good tool for threat hunting and response
Splunk Enterprise Security is a must!
Splunk ES Alert Reduction
Splunk Enterprise Security (ES) - Clear Market Leader
Best siem on the market
Automated Reporting and monitoring tool
Securing Your Environment with Splunk Enterprise Security.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (100)9.393%
- Custom dashboards and workspaces (102)9.191%
- Incident indexing/searching (101)8.888%
- Deployment flexibility (101)8.383%
Reviewer Pros & Cons
Pricing
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
67 people also want pricing
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 9.3Centralized event and log data collection(100) Ratings
Effectiveness of real-time centralized event and log data collection
- 8.8Correlation(99) Ratings
Correlation of logs and events to pinpoint significant threats
- 8.5Event and log normalization/management(100) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.3Deployment flexibility(101) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 8Integration with Identity and Access Management Tools(96) Ratings
Integration with access control tools like Active Directory and LDAP
- 9.1Custom dashboards and workspaces(102) Ratings
dashboards that can be customized to meet the needs of specific groups
- 8.3Host and network-based intrusion detection(96) Ratings
Ability to detect both endpoint intrusion and network ingress detection
- 8.4Data integration/API management(98) Ratings
Ease and quality of data integrations between SIEM and other systems
- 7.9Behavioral analytics and baselining(95) Ratings
How effectively activity and behavior baselines are established and maintained
- 8.7Rules-based and algorithmic detection thresholds(96) Ratings
Effectiveness of manually-established rules and algorithmically-determined detection thresholds
- 7.4Response orchestration and automation(87) Ratings
Quality of built-in response orchestration and automation in Next-Gen SIEM
- 9.1Reporting and compliance management(95) Ratings
Ease and quality of reporting and compliance functions
- 8.8Incident indexing/searching(101) Ratings
Effectiveness of searching across structured and unstructured events and incidents within SIEM
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (ES) Video
Splunk Enterprise Security (ES) Competitors
Splunk Enterprise Security (ES) Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(250)Community Insights
- Pros
- Cons
- Recommendations
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.
Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.
Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the miter coverage dashboard.
Users commonly recommend the following for Splunk Enterprise:
-
Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.
-
Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.
-
Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.
Attribute Ratings
- 8.9Likelihood to Renew3 ratings
- 9.1Availability1 rating
- 8.2Performance1 rating
- 7.6Usability2 ratings
- 6.6Support Rating6 ratings
- 8.2Online Training1 rating
- 9.1In-Person Training1 rating
- 9.1Implementation Rating1 rating
- 7.3Configurability1 rating
- 9.3Product Scalability100 ratings
- 6.4Ease of integration1 rating
- 8.2Vendor pre-sale1 rating
- 8.2Vendor post-sale1 rating
- 9.1Professional Services1 rating
- 7.3Contract Terms and Pricing Model1 rating
Reviews
(1-25 of 103)The Power of Splunk Enterprise.
Splunk Enterprise Security: My Review
Highly Recommended!
Splunk ES Review
Splunk ES, a great tool to use with some caveats!
excellent platform for the collection and management of logs from multiple sources
Splunk ES Review
Secure with Splunk Enterprise Security (ES)
a good tool for threat hunting and response
Splunk Enterprise Security is a must!
Splunk ES Alert Reduction
Best siem on the market
Automated Reporting and monitoring tool
Splunk ES help you aggregate to achieve visibility and leverage security intelligence across the organization
Aligning on Splunk means a cheaper and far more flexible security monitoring solution.
One SIEM to rule them all
Splunk gives us:
- Advanced dashboarding and alerting options.
- Real-time security investigations.
- Anomaly detection.
- With MLTK and SPL, we are implementing some advanced use cases which are included statistics and ML.
- With lookups and data models, we created many custom models to run our Threat Intel schemas and Threat hunting processes.