Splunk Enterprise Security - a notable SIEM cornerstone for the enterprise environment
June 20, 2022
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
By having Splunk ingest log files from all of our security tools, Splunk Enterprise Security acts as a single event collection point, reducing the need to get tool-specific administrators involved in event detection and analysis and instead allowing a focused group of SOC analysts and IR teams to investigate and quickly respond to potential threats.
- Notable email alerts contain enough info to determine if further action is required
- Risk-based alerts reduce alert fatigue for SOC analysts
- Data ingestion scalability normally equates to real-time events appearing in Splunk
- Initial setup time: alert configuration, rule development, and building relevant queries for our environment sometimes require development-type folks (or Splunk contractors) rather than Splunk admin types
- Improved server health monitoring: we're deploying Meta Woot to give us specifics on hosts that are not sending log files or are performing poorly; it seems like that should be part of Splunk's IP
- I do not get involved in licensing costs; I am strictly a Splunk admin
N/A - I have only used Splunk Enterprise Security since coming to Deloitte
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Not sure
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
I wasn't involved with the implementation phase
Would you buy Splunk Enterprise Security (ES) again?
Yes