Item: Splunk Enterprise Security (ES)
Rating: 9
Author: Phótis Deligiánnis

Use Cases and Deployment Scope

I use it mainly for configurations, onboardings, and maintenance. Moreover, users ask for dashboards/alerts/reports creation and troubleshooting.

Pros and Cons

Monitoring
Security
Troubleshooting
Graphs/Dashboards

Automation in configuration

Return on Investment

Faster mean time to detect
Faster mean time to respond
Increased cost

Scalability

That is my personal opinion. Things are going well, but there is always room for improvement.

Alternatives Considered

Elasticsearch, IBM Security QRadar and Tanium

Difficult to choose, each one has pros and cons. Splunk has the best interface, QRadar has strong capabilities but ES is free.

Key Insights

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Other Software Used

IBM Security QRadar, Elastic Security (Elastic SIEM + Elastic Agent, formerly endgame), Tanium

I really believe Splunk Enterprise Security (ES) is a great tool for security monitoring. There are nice features like SOAR Phantom which give you amazing capabilities. Moreover, I believe it provides amazing opportunities for troubleshooting within an organization that keeps logs and monitors everything that is happening.

Great Tool, I Really Like Working With

Overall Satisfaction with Splunk Enterprise Security (ES)