The Power of Splunk Enterprise.
We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom …
Splunk Enterprise Security (ES)
Overview
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (100)9.393%
- Custom dashboards and workspaces (102)9.191%
- Incident indexing/searching (101)8.888%
- Deployment flexibility (101)8.383%
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
67 people also want pricing
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale. Ingest machine data from any source for full visibility to detect malicious threats in an environment. Investigate and correlate activities across multicloud and on-premises sources in one unified view to identify and remediate security incidents. Splunk Enterprise Security supports cloud, on-premises, and hybrid deployment models to meet the needs of the business. When deployed as a cloud-based SIEM, the vendor states Splunk Enterprise Security can deliver improved time to value, allowing teams to focus on higher value security tasks instead of managing infrastructure hardware and manual upgrades.
Splunk Enterprise Security (ES) Video
Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space, including Splunk Enterprise Security (ES).
Splunk Enterprise Security (ES) Competitors
Splunk Enterprise Security (ES) Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
IBM Security QRadar SIEM, LogRhythm NextGen SIEM Platform, and Securonix Next-Generation SIEM are common alternatives for Splunk Enterprise Security (ES).
Reviewers rate Centralized event and log data collection highest, with a score of 9.3.
The most common users of Splunk Enterprise Security (ES) are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(250)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Pros
- Cons
- Recommendations
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.
Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.
Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the miter coverage dashboard.
Users commonly recommend the following for Splunk Enterprise:
-
Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.
-
Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.
-
Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.
Attribute Ratings
- 8.9Likelihood to Renew
- 9.1Availability
- 8.2Performance
- 7.6Usability
- 6.6Support Rating
- 8.2Online Training
- 9.1In-Person Training
- 9.1Implementation Rating
- 7.3Configurability
- 9.3Product Scalability
- 6.4Ease of integration
- 8.2Vendor pre-sale
- 8.2Vendor post-sale
- 9.1Professional Services
- 7.3Contract Terms and Pricing Model
Reviews
(1-25 of 103)Companies can't remove reviews or game the system. Here's why
March 25, 2024
The Power of Splunk Enterprise.
- Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
- Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
- Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
- Dashboard Builder: It needs more out-of-the-box panels for beginners to learn.
- Autofill: The query autofill isn't that great. It needs better suggestions for beginners especially.
- Speed: The speed of the search isn't that great. It can be improved. For some queries, it takes too long.
- Error handler: The error messages in the case of wrong syntax can be more descriptive. The messages are sometimes vague and are not helpful.
October 24, 2023
Splunk Enterprise Security: My Review
- It gives visuals to the client when we select a graphical portrayal, enabling us to change signs into visual outlines, for example, pie outlines, diagrams, tables, and so on.
- Dashboard UI is intuitive and exceptionally educational, so one can easily find whatever they are looking for.
- Sometimes, it's very, very slow! It also takes a long time to refresh.
- UI for pattern searching can be a little better.
September 12, 2023
Highly Recommended!
- Advanced Threat Detection and Correlation: ES stands out in its ability to detect sophisticated threats by correlating data from multiple sources. For instance, it can identify unusual patterns in user behavior, cross-referencing with network logs to flag potential insider threats.
- Real-time Monitoring and Alerting: ES offers robust real-time monitoring capabilities. It excels in promptly alerting us to critical security events, such as suspicious network traffic spikes or unauthorized access attempts, allowing for immediate response.
- Comprehensive Log Analysis: ES ingests and analyzes an extensive range of log data. It's particularly adept at parsing and making sense of complex log formats, making it a versatile tool for understanding system activities and security events.
- Improved User Interface Customization: While the interface is generally intuitive, providing more options for users to customize their dashboards and views would enhance the overall user experience. Tailoring the interface to specific roles or use cases could be a valuable addition.
- Simplified Alert Management: Streamlining the process of managing alerts, such as grouping or categorizing them based on severity or type, would make it easier for security teams to prioritize and respond to incidents effectively.
- Expanded Threat Intelligence Feeds: Increasing the variety and sources of threat intelligence feeds available within ES would provide a broader context for identifying and mitigating emerging threats, ensuring a more comprehensive defense against evolving attack vectors.
September 12, 2023
Splunk ES Review
- Develop dashboards and notables to track security-relevant details
- Data correlation
- threat monitoring and detection
- more efficient searches
- Multiple ways of creating report and alert is confusing
- Multiple ways of creating report and alert is confusing
September 12, 2023
Splunk ES, a great tool to use with some caveats!
- Monitoring log activity for potential security problems
- The interface for investigations is pretty easy to use
- Enjoy the high level detail the product gives for alerting
- Nice playground for keeping track of investigations
- Ease to create new notables to track further items.
- Crazy awful latency when loading
- Sometimes the events tab won't show any logs
- Difficult to follow certain parts of investigations, but this is being addressed with Mission Control. (I'm talking about the original interface)
September 11, 2023
excellent platform for the collection and management of logs from multiple sources
- Customization of dashboards
- Creating apps based on your needs.
- Search queries can be saved for future or even can be converted to apps
- high cost
- slow interface
September 06, 2023
Splunk ES Review
- Breakdown event logs into easy-to-search fields
- Provide relevant trends and metrics for events
- Develop dashboards and notables to track security-relevant details
- Ease-of-use for new users
- Better options to export events/notables
- More streamlined UI
September 06, 2023
Secure with Splunk Enterprise Security (ES)
- Threat detection
- Security
- Vulnerability
- Use case
- Pre defined Data models
- End point frame works
- Data loss protection use cases and framework
August 31, 2023
a good tool for threat hunting and response
- incident review show up all the risk case so that we can review it in a convenience way
- security posture combine very useful information and do analysis and trend in overall
- security intelligence give a score to judge which is true risk
- may be join search
- more depend on log if log not received in time
- need professional train to use
July 24, 2023
Splunk Enterprise Security is a must!
- Data detail
- Timeline
- Charts and data presentation
- Data correlation
- Third party app support
- Simplify management
- More automation
July 21, 2023
Splunk ES Alert Reduction
- Risk based alerting
- Single pane of glass
- Easy to use UI
- Sometimes runs slowly
- Some incident review panels have never worked in our environment
- More dashboards
- Notable event detection
- search correlation
- threat monitoring and detection
- more efficient searches
- less app dependencies
- app/TA consolidation
June 05, 2023
Best siem on the market
- It supports a flexible architecture and great ease of scaling.
- It provides us with a wide variety of complementary applications related to use cases such as Security Essentials and Stream.
- The entire architecture can be implemented on physical or virtual machines, as well as in the cloud.
- It also provides us with SaaS solutions or by the client.
- It natively allows us solutions of type MSPs and MSSP.
- Wide range of native analysis that is used to generate a very robust SIEM solution.
- It has several modules such as Splunk ES, Splunk UBA, and Splunk Phantom which work perfectly.
- One disadvantage of Splunk is that it is intended to be deployed in large organizations, offering a robust platform for detecting and responding to existing threats. Although it is preferably prepared to provide solutions to large companies, it can also be implemented within smaller organizations, adapting its content to the environment where it is implemented.
May 30, 2023
Automated Reporting and monitoring tool
- Error alert
- Monitoring
- Reporting
- Dashboard
- More clear menus
- Multiple ways of creating report and alert is confusing
- Include more help documents
- Security incident investigation.
- Insider threat detection.
- Reporting and metrics.
- Learning curve - requires subject matter expertise and Splunk administration knowledge.
- Automated response limitations - requires SOAR to unlock its full potential.
- Classifying accounts according to privileges allows for better control.
- Malware detection.
- Account monitoring requires advanced knowledge and also prior configuration.
- Dashboard customization can improve them.
Score 10 out of 10
Vetted Review
Verified User
- Security monitoring
- Threat response and investigation
- security metrics
- user behavior analytics
- more dashboards
- content aggregation
November 08, 2022
Splunk ES help you aggregate to achieve visibility and leverage security intelligence across the organization
- Incident Review and Classification
- Risk-Based Analysis
- Endpoint Protection
- Palo Alto logs integration
- Bluecoat logs integration
Score 10 out of 10
Vetted Review
Verified User
- Risk Analysis Dashboard.
- Perfect for identifying security risks and targets in internal systems.
- Process automation with intelligence to detect and combat threats.
- Easy to use and configure interface.
- Requires advanced learning to know all the features and configure in the best possible way.
August 02, 2022
Aligning on Splunk means a cheaper and far more flexible security monitoring solution.
- Very customisable.
- With a little knowledge your can do elaborate searches.
- Continuous security monitoring.
- The product is pricey.
- Learning curve is steep.
- Search and analyze cyber Security Threats
- cyber risk quantification of customer assents and identities
- manage notable events and security incidents
- investigate alerts from Splunk
- create always new security Use Cases
- reporting for board
- support company compliance functions in their activities
- we hard-worked to customize ES for multitenancy because this feature isn't present in ES
- Investigations aren't so easy to customize
- integration of ES with external Asset Management system isn't so easy to implement
- I should be very useful an integration with an external Vulnerability Management system (e.g. Tenable) to highlight dangerous areas and asset risk quantification
July 20, 2022
One SIEM to rule them all
- Security investigation.
- Threat hunting and threat intel processes.
- Search efficiency with data models.
- Creating investigation workflows.
- Splunk Enterprise Security and UEBA could be one platform.
- Real time searches could be improve. (should be added more real time searches etc.)
- Configuration and management is hard for newbies.
July 19, 2022
Top class security alerting with excellent outbreak handling and precise vulnerability analysis.
- Detailed security and threat reports available.
- Root case of a bug could be easily identified.
- Excellent and precise penetration testing.
- Lacks Real-time dashboards and live threat monitoring.
- Advanced monitoring features are a bit expensive.
- Suitable only for users with advanced networking knowledge.
- I perform risk searches correlation several times a day. Splunk adds annotations to enrich correlation search results.
- Greatly reduces alert volumes.
- Demands incorporation of several risk factors to identify unauthorized usage which is quite complex and time-consuming.
- In depth log analysis.
- Customisable and user-friendly threat dashboard.
- Detailed research module integration.
- Dashboard lacks live monitoring features.
- Not suitable for Amateurs in networking.
- Enterprise features are less budget friendly.