Splunk Enterprise Security is the best security we can get for our working network
February 26, 2022

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

I have been using Splunk Enterprise Security for the last year, and it helps me to analyze security-related aspects that I encountered from my organization's users. I used Splunk Enterprise Security for creating use-cases from the data I am onboarding. The dashboards help me to identify various threats and anomalies generated in my working environment among users; the data models and the CIM mapping with various data indexes of Authentication, Endpoint, Email, Intrusion, and Detection data help to monitor and analyze the problems more effectively.
  • We can create security use-cases to monitor the organization's user records
  • Dashboards are widely used to analyze threats and anomalies
  • The data models that were used help to find proper insights into the data
  • Splunk Enterprise Security can be merged with getting user-related insights just like UBA
  • User Behaviour Analysis is the key factor in any organization; keeping track of the users' activity is much more needed, and features can be added in Splunk Enterprise Security to get it done quickly
  • Splunk Enterprise Security can be documented more effectively so that it is easier to understand when new users try to learn Splunk Enterprise Security for the first time
  • As compared to tradition, Splunk Enterprise Security has higher overall licensing costs
  • The business has led to high availability and more profit when Splunk Enterprise Security comes into the picture
  • The query searching is fast; data model mapping helps to consume less time and to search queries effectively

When it comes to onboarding a large amount of data in Splunk Enterprise Security, it is basically dependent on the licensing cost, which I feel is the same for other Splunk Enterprise Security, so there is nothing new in that for me. In a hybrid environment, UBA comes into the picture, and it is likely getting more light than Splunk Enterprise Security.

As Sumo Logic and QRadar are the same SIEM tool, the reason for selecting Splunk Enterprise Security above those was that Splunk Enterprise Security is more handy than these two. The SPL queries we write to get more effective results to create Alerts, Reports, and Dashboards are more prominent than the above two. In terms of getting notified by alerts, Splunk Enterprise Security is top-notch.

Did implementation of Splunk Enterprise Security (ES) go as expected?

I wasn't involved with the implementation phase

A very good use of Splunk Enterprise Security is to work on security-related aspects to onboard data. It makes it CIM compliant, which makes it easier to make data models and search the right amount of data with more information, which gets easier with data model mappings. The DM Authentication, Malware, and Intrusion Detection are more effective in many ways, as is sending the data to Splunk UBA to do further analysis of threats and anomalies by users and devices.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools: Not Rated
Custom dashboards and workspaces
Host and network-based intrusion detection
Log retention
Data integration/API management
Behavioral analytics and baselining
Reporting and compliance management
Incident indexing/searching