Powerful tool for Security
February 11, 2022

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

It offers a powerful analytics query writing capability to triage incidents, spikes in the data, and network and incident reporting. In addition, Splunk Enterprise Security also provides a lot of logs, events, and metrics as part of network telemetry data. This is then used in conjunction with development work in the cloud-like billing center to identify defects with applications. Also, how to remediate incidents and how to work on data examination and advanced analytics within Splunk Enterprise Security is key.
  • Analytics
  • Network telemetry
  • Automated response
  • Pricing of the tool, but the tool is worth it
  • More labs and test environments would help
  • More support for languages apart from Java, Python, etc.
  • Granularity of reporting
  • More development and use of APIs
  • Dashboards for faster analysis
The information we do in Splunk is also compared with the cloud platform. Billing center in Azure on the metrics and in identifying what is causing a spike in the data, for example. Also, this can help to define the architecture of data pipelines in the cloud based on the data ingested in Splunk.
We felt New Relic is great for APM and Splunk has that and some more focus on being a SIEM with SOAR and ES. Splunk has been able to focus more on ES than New Relic in terms of the use cases.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

It is well suited for working with regular expressions (e.g., when it comes to looking at logs and having an index created). Also, it is well suited for customization on modules for applications and monitoring. It is not well suited for sparing use, as the price may be an issue to some, but that is not anything that would conflict with the capabilities of the tool.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 9
Event and log normalization/management: 9
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 8
Host and network-based intrusion detection: 9
Log retention: 9
Data integration/API management: 9
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 9
Response orchestration and automation: 9
Reporting and compliance management: 9
Incident indexing/searching: 9