Excellent product for our cybersecurity team
February 27, 2020

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

Splunk Enterprise has been used by our Cybersecurity Department for almost five years as the single dashboard for our Security Incident and Event Monitoring. On top of that, we are also using Enterprise Security, and it helps us focus on the most notable events that need to be followed up ASAP.
  • Central dashboard for all logs
  • Enterprise Security
  • Better dashboard graphics
  • The total cost is expensive compared to the upfront benefit that my organization experienced, probably due to our technical team's lack of knowledge.
All the logs from those security devices or systems are pumped into Splunk Enterprise and correlated by Enterprise Security. However, there are some difficulties in tuning the Data Model, which results in a lot of false positives. This could be due to our team's lack of technical skills. To compensate for that, we are planning to engage with the Splunk Professional Service to fix the issue.
Support from the Splunk team has been great. They could answer most of our questions within a relatively acceptable time. However, there is a forum that we have been using extensively to find answers and some hints. Splunk has been organizing quite successful and great events, which help our team learn continuously.

Do you think Splunk Enterprise delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise go as expected?

Yes

Would you buy Splunk Enterprise again?

Yes

Splunk Enterprise is very well suited for correlating all the logs that need to be monitored and analyzed. It has performed very well with a vast amount of log data. Furthermore, logs from numerous security devices can be pumped into Splunk Enterprise and parsed.
However, it requires certain technical skills to correlate the logs and run queries in Splunk Enterprise.

Splunk Enterprise Feature Ratings

  • Centralized event and log data collection: 9
  • Correlation: 9
  • Event and log normalization/management: 7
  • Deployment flexibility: 9
  • Integration with Identity and Access Management Tools: Not Rated
  • Custom dashboards and workspaces: 7
  • Host and network-based intrusion detection: 9