Fun with Splunk Enterprise Security as a SIEM
Updated April 18, 2022

Holt Archer | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Our SOC uses Splunk Enterprise Security as a SIEM; it is the heart of our security monitoring program. Having all our security logs in one place with the built-in intelligence allows us to satisfy customer, regulatory, and actual security requirements with one pane of glass. It standardizes our information and language as we troubleshoot security issues.
  • One pane of glass for all log sources
  • Easy to search with
  • Prioritize basic security issues
  • Built-in SOAR would be a great addition
  • Quickly identifying security issues
  • Visibility across security tooling leads to faster problem identification
We have integrated several cloud-native services, hybrid, and on-prem log sources into the platform with great success. The only scalability issues have been with the correct sizing of the resources we have deployed for Splunk Enterprise Security components.
In my experience with Splunk Enterprise Security, the SIEM is far superior to my experience with Alienvault or Security Onion. Splunk Enterprise Security is FAR more stable, extensible, functional, easy to set up, and easier to use than either of these tools, so much so that I would not put them in the same class as Splunk Enterprise Security. My experience with Sumo is that it is an equivalent offering, but it does not have some of the deployment flexibility that Splunk Enterprise Security does, as it is fully cloud-native, and at the time I was deploying it we were unable to have an on-prem presence.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

I was previously using Sumo Logic for our SIEM function, and my company was purchased and the purchaser is using Splunk Enterprise Security, so the decision was not mine to make as to what was the best fit for our uses. With that said, I am finding Splunk Enterprise Security to be a great and intuitive log search SIEM product, suitable for SOC teams and for security engineers to find and troubleshoot security issues. It could have a better UI for basic users, maybe autocomplete or drop-down lists for searching.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 8
Correlation: 7
Event and log normalization/management: 8
Deployment flexibility: 6
Integration with Identity and Access Management Tools: 7
Custom dashboards and workspaces: 6
Log retention: 5
Data integration/API management: 6
Behavioral analytics and baselining: 6
Rules-based and algorithmic detection thresholds: 6
Incident indexing/searching: 8