Great product but pricey and lacking XDR story
Overall Satisfaction with Splunk Enterprise Security (ES)
Splunk Enterprise Security is used as the primary SIEM for security operations and for threat detection based on the MITRE framework.
Pros
- Threat hunting
- Investigation assistance
- Threat integration
- Customer use cases
Cons
- Log optimization
- Self-building lookups from incoming data to be used as insight from data
- Automated response
- Address the gap which EDRs are leveraging against Splunk Enterprise Security
- Very good at detecting hidden attackers if analysts use it optimally. It may be the best available tool for hunting.
- Licensing based on the amount of data is perceived as costly
- The CIM model still has the possibility of expansion. Many important fields of log source data cannot be brought into a data model.
Splunk Enterprise Security is much more flexible and effective.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
No
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes