Overall Satisfaction with Splunk Enterprise Security (ES)
We utilize it to generate notable events and alerts on enterprise-wide activity. It also enhances our threat intelligence posture to bolster security sharing with our partners. Splunk Enterprise Security helps our organization solve the problem of creating alerts based on a variety of sources through data normalization. I enjoy the Common Information Model and how it helps normalize data across sources. Our analysts don't need to know every single source but can search off one field to collect a variety of events.
- Normalize data
- Search efficiency
- Reporting and dashboards
- Data visualization
- Alerting and reporting
- Improved user interface
- Resource requirement
- Admin overhead
- Consolidated dashboarding
- Improved response time
- Reduced hours for IOC analysis
- Streamlined analyst workflow
- Improved threat intelligence
Splunk Enterprise Security allows for data normalization that does not compare to other SIEMs such as QRadar or Trustwave. QRadar requires custom DSM parsers before the data can be onboarded. I appreciate that Splunk Enterprise Security can ingest any source of data and normalize it based on a simple app that is available from Splunkbase. It is a much more streamlined process.
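The normalization the reviewer describes above (analysts searching one field instead of knowing every source) is what the Common Information Model buys you: each Splunkbase add-on maps its vendor's raw fields onto shared CIM names, so one query such as `tag=authentication action=failure` covers every source. The Python below is an added example written for this page, not Splunk's or any add-on's code; it imitates that mapping for three constructed log lines (a Linux sshd syslog line, a Windows logon event rendered as key=value, and a Cisco ASA AAA message), using the CIM Authentication data model field names `action`, `user`, `src`, `dest`, `app` and `signature`. The sourcetype names, the sample events and the helper functions are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample events, not real captures. Each tuple is (sourcetype, raw event).
RAW_EVENTS = [
    ("linux_secure", "Jun 14 10:02:11 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2"),
    ("linux_secure", "Jun 14 10:02:40 bastion sshd[2240]: Accepted publickey for alice from 198.51.100.23 port 50012 ssh2"),
    ("wineventlog", "EventCode=4625 Account_Name=bob Workstation_Name=WS17 Source_Network_Address=192.0.2.44 Logon_Type=3"),
    ("wineventlog", "EventCode=4624 Account_Name=carol Workstation_Name=WS09 Source_Network_Address=192.0.2.9 Logon_Type=2"),
    ("cisco_asa", "%ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = dave : user IP = 203.0.113.8"),
]

# One "add-on" per sourcetype: a function that turns the vendor format into CIM Authentication fields.
def _from_linux_secure(raw):
    m = re.search(r"(Failed|Accepted) (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+", raw)
    if not m:
        return None
    outcome, method, user, src = m.groups()
    host = raw.split()[3]  # syslog header: Mon DD HH:MM:SS host ...
    return {"action": "failure" if outcome == "Failed" else "success",
            "user": user, "src": src, "dest": host, "app": "sshd",
            "signature": f"{outcome} {method}"}

WIN_LOGON_CODES = {"4624": "success", "4625": "failure"}  # hypothetical subset of logon event codes

def _from_wineventlog(raw):
    kv = dict(re.findall(r"(\w+)=(\S+)", raw))
    code = kv.get("EventCode")
    if code not in WIN_LOGON_CODES:
        return None
    return {"action": WIN_LOGON_CODES[code], "user": kv.get("Account_Name"),
            "src": kv.get("Source_Network_Address"), "dest": kv.get("Workstation_Name"),
            "app": "win:logon", "signature": code}

def _from_cisco_asa(raw):
    m = re.search(r"AAA user authentication (Rejected|Accepted).*?server = (\S+) : user = (\S+) : user IP = (\S+)", raw)
    if not m:
        return None
    outcome, server, user, src = m.groups()
    return {"action": "failure" if outcome == "Rejected" else "success",
            "user": user, "src": src, "dest": server, "app": "cisco_asa_aaa",
            "signature": outcome}

NORMALIZERS = {"linux_secure": _from_linux_secure,
               "wineventlog": _from_wineventlog,
               "cisco_asa": _from_cisco_asa}

def normalize(sourcetype, raw):
    """Map one raw event to CIM field names; None if the sourcetype is unknown or the line does not parse."""
    fn = NORMALIZERS.get(sourcetype)
    if fn is None:
        return None
    fields = fn(raw)
    if fields is None:
        return None
    fields["sourcetype"] = sourcetype
    fields["_raw"] = raw  # keep the original for the analyst who does want to see it
    return fields

def normalize_all(events):
    return [e for e in (normalize(st, raw) for st, raw in events) if e is not None]

def search(events, **criteria):
    """The analyst's view: match on normalized fields only, e.g. search(events, action="failure")."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]

def count_by(events, field):
    """Equivalent of `| stats count by <field>` over the normalized events."""
    return dict(Counter(e.get(field) for e in events))

if __name__ == "__main__":
    normalized = normalize_all(RAW_EVENTS)
    for hit in search(normalized, action="failure"):
        print(f"{hit['sourcetype']:13} user={hit['user']:6} src={hit['src']:14} dest={hit['dest']}")
    print(count_by(search(normalized, action="failure"), "sourcetype"))
```

The single `search(normalized, action="failure")` call returns the sshd, Windows and ASA failures together even though none of the three raw formats share a field name; that is the property the review attributes to the CIM. The check a practitioner would add in a real deployment is the inverse: events for which `normalize` returns `None` are the ones silently missing from every correlation search, so count them per sourcetype rather than dropping them.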
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes