Fun with Splunk Enterprise Security as a SIEM
Updated April 18, 2022

Holt Archer | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Our SOC uses Splunk Enterprise Security as a SIEM; it is the heart of our security monitoring program. Having all our security logs in one place with the built-in intelligence allows us to satisfy customer, regulatory, and actual security requirements with one pane of glass. It standardizes our information and language as we troubleshoot security issues.

Pros

  • One pane of glass for all log sources
  • Easy to search with
  • Prioritize basic security issues

Cons

  • Built in SOAR would be a great addition
  • Quickly identifying security issues
  • Visibility across security tooling leads to faster problem identification

In my experience, it has helped our SOC identify several real security issues as well as several misconfiguration issues across our fleet. The interface allows our teams to quickly see the same issues the same way, helping to accelerate problem solving and communication. We are investigating the SOAR add-on, which would further accelerate our workflows.

We have integrated several cloud-native services, hybrid, and on-prem log sources into the platform with great success. The only scalability issues have been with the correct sizing of the resources we have deployed for Splunk Enterprise Security components.

In my experience with Splunk Enterprise Security, the SIEM is far superior to my experience with Alienvault or Security Onion. Splunk Enterprise Security is FAR more stable, extensible, functional, easy to set up, and easier to use than either of these tools, so much so that I would not put them in the same class as Splunk Enterprise Security. My experience with Sumo is that it is an equivalent offering but does not have some of the deployment flexibility that Splunk Enterprise Security does, as it is fully cloud-native, and at the time I was deploying it we were unable to have an on-prem presence.

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security go as expected?

Yes

Would you buy Splunk Enterprise Security again?

Yes

I was previously using Sumo Logic for our SIEM function; my company was then purchased, and the purchaser is using Splunk Enterprise Security, so the decision was not mine to make as to what was the best fit for our uses. With that said, I am finding Splunk Enterprise Security to be a great and intuitive log search SIEM product, suitable for SOC teams and for security engineers to find and troubleshoot security issues. It could have a better UI for basic users, maybe autocomplete or drop-down lists for searching.

Splunk Enterprise Security Feature Ratings

  • Centralized event and log data collection: 8
  • Correlation: 7
  • Event and log normalization/management: 8
  • Deployment flexibility: 6
  • Integration with Identity and Access Management Tools: 7
  • Custom dashboards and workspaces: 6
  • Log retention: 5
  • Data integration/API management: 6
  • Behavioral analytics and baselining: 6
  • Rules-based and algorithmic detection thresholds: 6
  • Incident indexing/searching: 8
