Splunk Enterprise in the Cloud empowers me as an analyst
Overall Satisfaction with Splunk Enterprise
Splunk Enterprise is the basis for our log correlation and analysis. We're using it primarily for IT Security, and occasionally to assist with operations. It is the basis of our SIEM, Splunk Enterprise Security. We pull in events from a wide variety of data sources. The ability of Splunk to ingest and normalize just about any sort of data is one of its strongest points.
Pros
- Gets data from anywhere
- Variety of supported alert types
- Real-time insights
Cons
- They should not remove support for Duo 2FA.
- Accepts data from a variety of sources
- Pre-built apps exist to help with bringing in data from many systems
- The event correlation is the basis for security use cases
- Splunk helps us to be aware of security events before they become issues
- Splunk helps us diagnose operational issues
We had an old version of QRadar before Splunk. It was difficult to customize and difficult to pull in our data sources. It wound up being neglected and not providing value for us as an institution. We have also looked into other things like AlienVault, but in general, the customizability to pull in things like an Oracle audit trail or nonstandard multiline SSO logs has been much easier in Splunk, if, in fact, it was possible on other platforms.
Do you think Splunk Enterprise delivers good value for the price?
Yes
Are you happy with Splunk Enterprise's feature set?
Yes
Did Splunk Enterprise live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise go as expected?
Yes
Would you buy Splunk Enterprise again?
Yes