Splunk ES - deep dive to see all the data flow across devices
Updated February 28, 2022

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We use Splunk Enterprise Security (ES) for risk analysis and threat intelligence, with deep integration with firewall logs (infra components on-prem as well as in the cloud). The out-of-the-box setup doesn't offer deep insights, but with a little ramp-up, teams can easily make decisions and monitor various metrics. ES is also horizontally as well as vertically scalable, and it handles bursts of data volume easily.

Pros

  • Firewall
  • Antivirus
  • Infra
  • 3rd party security logs

Cons

  • Out-of-the-box setup
  • Steep learning curve
  • Scattered documentation
  • Faster MTTD
  • Better Insights

ES is highly scalable from a horizontal as well as a vertical point of view. As I noted in the question regarding whether ES helps us achieve our security goals, with this software we are doing things like ingesting network logs, identity logs, endpoint logs, server logs, and application logs with the help of machine learning, and doing anomaly classification, such as suspicious data movement, to identify threat intelligence. In all these activities we are increasing the amount of data being indexed as we increase the number of servers monitored.

  • Microsoft Sentinel (formerly Azure Sentinel)

Enterprise Security splits analytics into multiple domains, allowing us to easily perform investigation and analytics on specific aspects of our networks. The Endpoint, Identity, Access, and Network domains allow a good distribution of well-classified events and assets. The Risk Analytics Dashboard allows an executive-level overview of what is going on in an understandable format that can be viewed by nontechnical personnel. It incorporates MITRE, NIST, and CIS identifiers for threat activity, allowing high-level classification of assets and communication behavior. The adaptive response center for tracking users and assets allows easy alerting on risk and notable events without having to search or drill down into searches.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

ES is well suited for getting the best out of a farm of servers/endpoints. For a non-technical person, starting with ES can be a bit of a challenge. However, for someone who has used it, it's easy to navigate. Also, as we scale up and resource demand increases exponentially, the license model is flexible.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 10
Correlation: 9
Event and log normalization/management: 10
Deployment flexibility: 8
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: 9
Log retention: 9
Data integration/API management: 10
Behavioral analytics and baselining: 10
Rules-based and algorithmic detection thresholds: 10
Response orchestration and automation: 9
Reporting and compliance management: 10
Incident indexing/searching: 10
