1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security (ES) Reviews
  4. User Review of Splunk Enterprise Security (ES)
Splunk ES review
February 24, 2022

Splunk ES review

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk ES is a great solution for collecting data from countless types of sources. This enables a company to centralize the monitoring, reporting, and alerting on security events and improve its overall security posture. I believe one of the powerful features is the ability to correlate Threat Intel feeds with actual event data.
  • Correlating Threat Intel feeds with event data
  • Enriching event data
  • Alerting and automating
  • Orchestration
  • Reduced operating costs by being "a single pane of glass"
  • Reduced MTTD due to Threat Intel integration
  • Reduced MTTR due to integrations
Splunk Enterprise Security has great flexibility. Personally, I have worked and deployed this solution in mostly all types of environments, ranging from On-Premise to Cloud. Great options to host it, it is fairly easy to spin up an instance and have it up and running quickly. Easy to integrate and use add-ons as well
Splunk Enterprise Security is overall a better choice due to multiple factors. It can be easily deployed in any type of environment, whether you are looking for On-Premise or Cloud hosting. It scales amazingly well and it is very intuitive to use. It has a strong community, great support and can be integrated with lots of environments

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Splunk Enterprise Security is a well-rounded, robust solution that can increase the overall security posture of an organization. The main use would be within a Security Operation Center, which will enable real-time alerting, monitoring, and reporting. Also, it can be integrated with other solutions to produce automated responses to security alerts.

Splunk Enterprise Security (ES) Feature Ratings

Security Information and Event Management (SIEM)
8.3
Centralized event and log data collection
9
Correlation
9
Event and log normalization/management
9
Deployment flexibility
7
Integration with Identity and Access Management Tools
8
Custom dashboards and workspaces
10
Host and network-based intrusion detection
8
Log retention
8
Data integration/API management
8
Behavioral analytics and baselining
7
Rules-based and algorithmic detection thresholds
8
Response orchestration and automation
7
Reporting and compliance management
8
Incident indexing/searching
10