One of the Best Premium Applications Designed and Developed by Splunk!
February 09, 2022


Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Earlier, we were not able to keep track of asset and identity management, security intelligence, or email security monitoring, along with threat intel feeds. With the help of the premium app Splunk Enterprise Security, developed by Splunk, we could get the benefit of threat hunting, asset and identity monitoring, malware, and other security incident management. Also, we could map the MITRE framework to Splunk data models to get the most out of it.

Pros
  • Asset and inventory
  • Incident review
  • Security intelligence
  • Windows monitoring
  • Threat intel feed

Cons
  • It could provide more permissions for customization in this app.
  • It could add the UBA capability to the data model to prevent false positives.
  • I believe it should limit the size of the threat intel feed.
  • We could improve security incident monitoring and response.

Return on Investment
  • It has definitely reduced MTTR and MTTD.
  • It integrates all the devices and security tools easily.
  • The reporting part has been improved.
Until now, Splunk Enterprise Security has provided most of the benefits to our organization with correlation of events, lookup files (with modifications), and especially with the threat intel feed, asset and identity management, security intelligence, protocol monitoring, email security, malware analysis, and threat hunting. It can be improved further with AI-based correlation rules to reduce false positives in an organization.
First of all, Splunk Enterprise Security is one of the best premium applications, or as we say SaaS (Software as a Service), that Splunk designed and developed. Since it is managed by Splunk support in their cloud environment, it does not allow much backend customization, but it still gives the best results.
Sumo Logic is also one of the best tools in the market nowadays. It is very similar to Splunk from a search query writing and functionality point of view. Sumo Logic is not as customizable as Splunk. And with Qualys Cloud Platform, we can scan our assets and web apps, so it is altogether a different product.

Splunk Enterprise Security can be used when there is no bar for pricing in security projects, and with this premium app, security admins can quickly investigate an issue with the great mapping of asset and identity in the incident review dashboard. Also, it will help you with the number of dashboards from various apps that provide the most benefit from a monitoring point of view, and at the same time, we can implement incident response in this app.
