Splunk Enterprise Security for life
June 15, 2022

Splunk Enterprise Security for life

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We are using Splunk Enterprise Security for a long time but we are quite new to Splunk Enterprise Security. We were using Qradar before and I can easily say building a rule is quite easy with Qradar but flexibility is everything. If you are an advanced SIEM user you can deploy every rule with Splunk Enterprise Security but you cannot do this with Qradar. Anomaly detection and ML capabilities are big plusses as well. Right tech is important these days and Splunk is more comfortable than the competitors.

Pros

  • Flexibility
  • Machine learning
  • Ease to use
  • Fast

Cons

  • Rule development ease of use
  • Pricing
  • Licensing
  • Automation
Splunk can be easily deployed with different platforms. User management is easy and deployment capabilities are improving.
Qradar is easy for first-timers. Easy to deploy and manage but if you need an advanced solution for ML, Anomaly Detection you need to use Splunk. Qradar is solid, too. But Splunk has advanced functionality for detection and automation.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

No

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Splunk Enterprise, IBM Resilient Security Orchestration, Automation and Response (SOAR), Microsoft Advanced Threat Analytics (discontinued), Fortinet FortiGate
Everyone can use Splunk Enterprise Security for anomaly detection use cases. ML capabilities are great. 3rd party integrations are acceptable. Use Splunk to detect, investigate, and respond in a couple of mins. The investigation has to be improved and you should be more user-friendly for new users. The deployment environment is hard to manage.

Splunk Enterprise Security (ES) Feature Ratings

Security Information and Event Management (SIEM)
9.6
Centralized event and log data collection
10
Correlation
10
Event and log normalization/management
10
Deployment flexibility
7
Integration with Identity and Access Management Tools
10
Custom dashboards and workspaces
10
Host and network-based intrusion detection
10
Log retention
10
Data integration/API management
10
Behavioral analytics and baselining
10
Rules-based and algorithmic detection thresholds
10
Response orchestration and automation
10
Reporting and compliance management
8
Incident indexing/searching
10

Comments

More Reviews of Splunk Enterprise Security (ES)

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security (ES) Reviews
  4. User Review of Splunk Enterprise Security (ES)