Splunk ES - deep dive to see all the data flow across devices
Updated February 28, 2022
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
We use Splunk Enterprise Security (ES) for Risk Analysis and Threat Intelligence with deep integration with firewall logs (infra components on-prem as well as in the cloud). Out-of-the-box setup doesn't offer deep insights, but with a little ramp-up, teams can easily make decisions and monitor various metrics. ES is also horizontally as well as vertically scalable, and it handles a burst of data volumes easily.
Pros
- Firewall
- Antivirus
- Infra
- 3rd party security logs
Cons
- Out-of-the-box setup
- Steep learning curve
- Scattered documentation
- Faster MTTD
- Better Insights
- Microsoft Sentinel (formerly Azure Sentinel)
Enterprise Security splits analytics into multiple domains allowing us to easily perform investigation and analytics on specific aspects of our networks. Endpoint, Identity, Access, and Network domains allow a great distribution of well-classified events and assets. The Risk Analytics Dashboard allows an executive-level overview of what is going on in an understandable format that can be viewed by nontechnical personnel. It incorporates MITRE, NIST as well as CIS identifiers for threat activity allowing high-level classification of assets and communication behavior. Adaptive response center for tracking of users and assets allows easy alerting of risk and notable events without having to search or drill down into searches.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes