Great product But pricey and lacking XDR story
February 14, 2022


Himanshu Porwal | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk Enterprise Security is used as the primary SIEM for security operations and for threat detection based on the MITRE framework.
  • Threat hunting
  • Investigation assistance
  • Threat integration
  • Customer use cases
  • Log optimization
  • Self-building lookups from incoming data to be used as insight from data
  • Automated response
  • Address the gap that EDRs are leveraging against Splunk Enterprise Security
  • Very good at detecting hidden attackers if analysts use it optimally. It may be the best available tool for hunting
  • Licensing based on the amount of data is perceived as costly
  • The CIM model still has room for expansion. Many important fields of log source data cannot be brought into a data model
Splunk Enterprise Security is much more flexible and effective.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

No

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP), Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security), Recorded Future
Splunk Enterprise Security is very flexible and quick to deliver benefits.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 8
Event and log normalization/management: 7
Deployment flexibility: 8
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: 8
Log retention: 8
Data integration/API management: 8
Behavioral analytics and baselining: 10
Rules-based and algorithmic detection thresholds: 8
Response orchestration and automation: 8
Reporting and compliance management: 8
Incident indexing/searching: 9