The main SOC application
February 13, 2026

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security

Splunk Enterprise Security is used as the primary SIEM solution in my company, used by tens of SOC users for the detection and investigation of suspicious activities.

Pros

  • Detection of abnormal events at scale
  • Support of the SOC activity
  • Can be customized in depth

Cons

  • The mapping of the data with the Common Information Model is difficult to maintain over time
  • Data format changes are not detected automatically

Splunk Enterprise Security supports tens of SOC operators to track and investigate hundreds of security events every day.
The SOC is a critical activity. Splunk Enterprise Security is one of, if not the, best solutions that makes it possible, and at scale.
Maintaining hundreds or even 1000+ SOC use cases is really difficult, considering that the data sources may not always send the data.
A module that detects data freshness issues and detects data format changes would be a great help. The main challenge today using Splunk Enterprise Security is making sure that the detection rules are still working properly given all the changes that occur in data source applications.
Also, maintaining the data collection on tens of thousands of servers and more than 100k workstations is a real company IT challenge: the Splunkbase forwarder may no longer support older operating systems, while these are the most important to monitor. Moving to the OpenTelemetry collector has become essential so that only one agent is required for both SIEM and application observability.
The fact that it is used by many large companies was a strong reason for selecting Splunk Enterprise Security.
After several demos and POCs, the teams were convinced of the value it brings: it demands the right amount of customization to fit with the company data sources.
Also, the fact that my company required a solution for application monitoring at the time was a reason to decrease the number of solutions used.

Do you think Splunk Enterprise Security delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security go as expected?

Yes

Would you buy Splunk Enterprise Security again?

Yes

Very appropriate to structure the SOC activities, trace the actions, with a lot of customization possibilities.
It has been used for 6 years in my company as the main SOC solution.

Splunk Enterprise Security Feature Ratings

Centralized event and log data collection: 9
Correlation: 7
Event and log normalization/management: 8
Deployment flexibility: 7
Integration with Identity and Access Management Tools: 10
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: 9
Log retention: 10
Data integration/API management: 7
Rules-based and algorithmic detection thresholds: Not Rated
Response orchestration and automation: 8
Reporting and compliance management: 8
Incident indexing/searching: 10
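The two maintenance problems the reviewer raises (a data source that silently stops sending, and a format change that leaves events flowing but strips the fields a detection rule keys on) can be caught with a small health check run over what the SIEM has already ingested. The following is an added, hypothetical example written for this page; it is not Splunk's code or anything from the review. The sourcetypes, field names, baseline and sample events are all constructed, and the CIM-style field names are only assumed to be what the detection rules expect.

```python
"""Hypothetical health check for two SIEM pipeline failure modes:
stale sources (a feeder stopped sending) and format drift (events still
arrive, but expected fields have been renamed or dropped).
Added example, not Splunk's code; sample events below are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: ingested events keyed by sourcetype, each with its
# ingest time and the set of fields the parser managed to extract.
NOW = datetime(2026, 2, 13, 12, 0, tzinfo=timezone.utc)
EVENTS = [
    {"sourcetype": "fw:syslog", "_time": NOW - timedelta(minutes=2),
     "fields": {"src_ip", "dest_ip", "dest_port", "action"}},
    {"sourcetype": "fw:syslog", "_time": NOW - timedelta(minutes=5),
     "fields": {"src_ip", "dest_ip", "dest_port", "action"}},
    # Vendor upgrade renamed dest_port -> dport: data keeps flowing, rules break.
    {"sourcetype": "proxy:access", "_time": NOW - timedelta(minutes=1),
     "fields": {"src_ip", "url", "dport", "status"}},
    {"sourcetype": "proxy:access", "_time": NOW - timedelta(minutes=3),
     "fields": {"src_ip", "url", "dport", "status"}},
    {"sourcetype": "proxy:access", "_time": NOW - timedelta(minutes=4),
     "fields": {"src_ip", "url", "dest_port", "status"}},
    # Newest Windows event is hours old: the forwarder on that host went quiet.
    {"sourcetype": "wineventlog", "_time": NOW - timedelta(hours=6),
     "fields": {"user", "EventCode", "Computer"}},
]

# Assumed baseline: the fields detection rules key on, per sourcetype.
BASELINE = {
    "fw:syslog": {"src_ip", "dest_ip", "dest_port", "action"},
    "proxy:access": {"src_ip", "url", "dest_port", "status"},
    "wineventlog": {"user", "EventCode", "Computer"},
    "edr:alerts": {"host", "severity", "signature"},  # onboarded, never seen
}
MAX_AGE = timedelta(hours=1)  # a source silent for longer than this is reported


def check_freshness(events, baseline, now, max_age):
    """Return {sourcetype: age} for sources whose newest event is older than
    max_age; a source that never sent anything is reported with age None."""
    latest = {}
    for ev in events:
        st = ev["sourcetype"]
        if st not in latest or ev["_time"] > latest[st]:
            latest[st] = ev["_time"]
    stale = {}
    for st in baseline:
        if st not in latest:
            stale[st] = None
        elif now - latest[st] > max_age:
            stale[st] = now - latest[st]
    return stale


def check_format_drift(events, baseline, min_coverage=0.9):
    """For each sourcetype, measure the fraction of events carrying each
    expected field; report fields below min_coverage and any unexpected
    new fields (a renamed field shows up as one of each)."""
    totals = Counter()
    per_field = defaultdict(Counter)
    seen_fields = defaultdict(set)
    for ev in events:
        st = ev["sourcetype"]
        totals[st] += 1
        seen_fields[st] |= ev["fields"]
        for f in ev["fields"]:
            per_field[st][f] += 1
    drift = {}
    for st, expected in baseline.items():
        if totals[st] == 0:
            continue  # "no data at all" belongs to the freshness check
        coverage = {f: per_field[st][f] / totals[st] for f in expected}
        low = {f: c for f, c in coverage.items() if c < min_coverage}
        unexpected = seen_fields[st] - expected
        if low or unexpected:
            drift[st] = {"low_coverage": low, "unexpected": unexpected}
    return drift


def run_checks(events=EVENTS, baseline=BASELINE, now=NOW):
    """Run both checks against the constructed sample."""
    return (check_freshness(events, baseline, now, MAX_AGE),
            check_format_drift(events, baseline))


if __name__ == "__main__":
    stale, drift = run_checks()
    for st, age in stale.items():
        print(f"STALE  {st}: " + ("never seen" if age is None else f"last event {age} ago"))
    for st, d in drift.items():
        print(f"DRIFT  {st}: {d}")
```

On the constructed sample the freshness check flags the silent Windows host and the EDR feed that was onboarded but never delivered, while the drift check flags only the proxy source, where `dest_port` coverage has fallen to one event in three and the unknown field `dport` has appeared. Scheduling a check like this against real ingest statistics, with the baseline derived from the fields each detection rule actually references, turns "are my rules still firing for the right reason" into a routine alert instead of a post-incident discovery.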
