Powerful SIEM Tool
February 10, 2022


Gourab Sahoo | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We had a requirement where we needed to collect log reports from multiple servers and the data velocity was huge (Big Data). Splunk assisted us in collecting logs from numerous sources and alerting us when any threats are detected in the logs. We can produce bespoke reports and extract real-time logs much more quickly now. We can actively do threat intelligence and analysis with Splunk Enterprise Security, and the results are presented in an easy-to-understand format. It's a fantastic SIEM solution, and its ability to integrate with practically any network and security device sets it apart from the competition. It aids in the capture of real-time data, security operations, data indexing, and the generation of graphical dashboards using visualizations.
  • Threat detection
  • Collecting log reports from multiple sources
  • Best for Big data architecture
  • Pricing is too expensive, as there are open-source alternatives such as the ELK stack
  • It was a bit tricky to configure the tool for multiple sources
  • Requires documentation regarding licensing that describes which business requirements it is best suited for
  • Although it's expensive, it's worth it, so it has a good ROI
  • Faster responses to the threats as the detection is instant.
  • Operating cost is minimal.
We have deployed this tool in our cloud with multiple instances. The best part is we can also monitor the logs and check the uptime and downtime of all the servers. The initial setup was very complicated, but we resolved it with the help of the documentation; it was quite challenging.
Splunk performed great in terms of handling data capacity as compared to its competitors. Indexing and querying are quite a bit faster. We can completely rely on Splunk when it comes to threat detection and log reporting. Although it is a bit expensive in terms of licensing, it is a suitable tool for big data architecture.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

This is quite a powerful SIEM tool and it works seamlessly on Big Data architecture. If the volume of data is quite high and there are multiple sources, then we can integrate this tool to analyze threats, log reports, and server uptime and downtime. In the end, we can present these graphically.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 7
Correlation: 9
Event and log normalization/management: 9
Deployment flexibility: 8
Integration with Identity and Access Management Tools: 8
Custom dashboards and workspaces: 7
Host and network-based intrusion detection: 9
Log retention: 10
Data integration/API management: 10
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 9
Response orchestration and automation: 8
Reporting and compliance management: 8
Incident indexing/searching: 9