ES the best platform to wipe out attackers and malicious behaviours.
March 24, 2022

Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
ES has been useful to me for many security-related aspects. The key role ES has played is through its well-known data models, where we can make index data CIM compliant regardless of which index it comes from (e.g. Email, Authentication, Endpoint, etc.). We can map those data models to create use cases for user authentication to identify threats and anomalies, which can be further addressed in dashboards to analyze the problem.
Pros
- Security use case creation using data models to make data CIM compliant will be useful in further analysis.
- Dashboards and other knowledge objects created in ES are other keys to identifying threats.
- Users present in the organization can be set up in a lookup to gain information about user behaviour and run analysis to find other threats and anomalies.
Cons
- For identifying user behaviour, the analysis component that we get in Splunk UBA is lacking.
- The documentation is hard to work with: if a new user tries to learn ES, the documentation is not user-friendly.
- ES must add more knowledge objects by default to make security-related aspects more reliable and enhance the details.
- ES has highly impacted ROI because, as a customer of ES, the work we do creating use cases for clients from their logs for security-related aspects has given more return than investment.
- The correlation searches we run to get detailed results from the data models are much less time-consuming than in Splunk Enterprise itself; we can get quick responses to the use cases and dashboards populated because of ES.
- The CIM compliance feature in ES has made many jobs easier in terms of finding more authentication-related data; we can get data onboarded into the Email data model from O365 and search the Email data model instead of searching particular indexes.
Apart from ES, I have used Dynatrace and the QRadar SIEM tool to work on security findings in the organization. In Dynatrace, with the help of the collector agent, we can monitor proper host data, which can be further classified into host process, memory usage, CPU usage, etc. As for QRadar, it is again the best tool for analysis, but creating offenses is troublesome, which is more user-friendly in Splunk ES.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes
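As an added illustration of the use-case pattern the reviewer describes (data normalized into the CIM Authentication data model, then queried by a correlation search and enriched from a user lookup), not the reviewer's own search: the 10-failure threshold, the one-hour window and the `org_users.csv` lookup with its `department` field are assumptions.

```spl
| tstats summariesonly=true count AS failures
    FROM datamodel=Authentication.Authentication
    WHERE Authentication.action="failure" earliest=-1h
    BY Authentication.src, Authentication.user
| rename Authentication.* AS *
| lookup org_users.csv user OUTPUT department
| where failures >= 10
| table src, user, department, failures
```

`summariesonly=true` only returns results from an accelerated data model, so drop it (or set it to false) while the acceleration summary is still building; saved as a correlation search in ES, each resulting row can create a notable event for review.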