Splunk as a SIEM
June 13, 2022

Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
We use Splunk Enterprise Security (ES) as a SIEM. It's used by our SOC for both Incident Review and also for investigations. The Use Cases out of the box have been valuable as we use many of them in our analytics. We also used a previous SIEM which did not perform as well as Splunk Enterprise Security (ES) does, so it has been a huge improvement for us.
- Incident Review
- Dashboarding
- Analytics
- A little more user-friendly. SPL searching is a learning curve for some.
- The ability to map better to the MITRE ATT&CK framework. We have had to manually map to MITRE, which has been a lot of work.
- Maybe combine some of the ES apps for ease of use.
- Reduced time on incidents
- More visual displays of where our SOC stands via Custom Dashboards
- Better management of incidents via Incident Review
It most certainly has. We went from a clunky, slow SIEM to one that is much higher performance and has better visualizations than we had prior.
It is worlds better than the other products I have used, as it provides more benefits via the add-ons and apps that the other vendors can't compete with.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes