Splunk Enterprise Security for life
June 15, 2022

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We have been using Splunk Enterprise Security for a long time, but we are quite new to Splunk Enterprise Security. We were using QRadar before, and I can easily say building a rule is quite easy with QRadar, but flexibility is everything. If you are an advanced SIEM user, you can deploy every rule with Splunk Enterprise Security, but you cannot do this with QRadar. Anomaly detection and ML capabilities are big pluses as well. The right tech is important these days, and Splunk is more comfortable than the competitors.
  • Flexibility
  • Machine learning
  • Ease of use
  • Fast
  • Rule development ease of use
  • Pricing
  • Licensing
Splunk can be easily deployed with different platforms. User management is easy and deployment capabilities are improving.
QRadar is easy for first-timers. It is easy to deploy and manage, but if you need an advanced solution for ML or anomaly detection, you need to use Splunk. QRadar is solid, too, but Splunk has advanced functionality for detection and automation.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Not sure

Splunk Enterprise, IBM Resilient Security Orchestration, Automation and Response (SOAR), Microsoft Advanced Threat Analytics (discontinued), Fortinet FortiGate
Everyone can use Splunk Enterprise Security for anomaly detection use cases. ML capabilities are great. Third-party integrations are acceptable. Use Splunk to detect, investigate, and respond in a couple of minutes. The investigation has to be improved, and it should be more user-friendly for new users. The deployment environment is hard to manage.

Splunk Enterprise Security (ES) Feature Ratings

  • Centralized event and log data collection
  • Event and log normalization/management
  • Deployment flexibility
  • Integration with Identity and Access Management Tools
  • Custom dashboards and workspaces
  • Host and network-based intrusion detection
  • Log retention
  • Data integration/API management
  • Behavioral analytics and baselining
  • Rules-based and algorithmic detection thresholds
  • Response orchestration and automation
  • Reporting and compliance management
  • Incident indexing/searching