Splunk Enterprise Security can take our jobs!!
June 20, 2022

Splunk Enterprise Security can take our jobs!!

Matt Esolen | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We currently use Splunk Enterprise Security for our daily alerting and ticket escalation tool. Automating alerts and notables allows our team to dive deeper into specific alerts that require a human to check. Splunk Enterprise Security allows our team to edit alerts for tools such as EDR and Defender and create alerts without ever having to log in to the actual console.

Pros

  • Save Time
  • Automation
  • Custom Configuration

Cons

  • Macros
  • Tuning notables
  • permissions
  • Easy to rule out false positives
  • More time to investigate actual incidents
  • Quick turn around with reporting when requested
Splunk Enterprise Security alone has definitely helped our company but not without the addition of other tools with it. Our Splunk environment does not have SOAR or UBA. We utilize machine learning and try to automate and "set it and forget it" with as much as possible once we feel comfortable with a situation.
Splunk Enterprise Security is not a perfect solution alone but if paired with a good team and engineering department it can definitely help and escalate your organization. There are some requirements that a small company with a smaller IT department will not be able to complete. I have been fortunate enough to have started my original Splunk journey 8 years ago so my knowledge has been growing.

Do you think Splunk Enterprise Security delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security go as expected?

Yes

Would you buy Splunk Enterprise Security again?

Yes

As a security engineer, I have created over 100 dashboards in Splunk Enterprise Security to go to different teams across the company. They can be daily, weekly, monthly, or yearly reports but at the end of the day I know they are getting their information without our team having to apply for any additional support with time we do not always have.

Splunk Enterprise Security Feature Ratings

Security Information and Event Management (SIEM)
6.5
Centralized event and log data collection
9
Correlation
8
Event and log normalization/management
6
Deployment flexibility
Not Rated
Integration with Identity and Access Management Tools
4
Custom dashboards and workspaces
8
Host and network-based intrusion detection
5
Log retention
5
Data integration/API management
6
Behavioral analytics and baselining
6
Rules-based and algorithmic detection thresholds
8
Response orchestration and automation
8
Reporting and compliance management
5
Incident indexing/searching
7

Comments

More Reviews of Splunk Enterprise Security

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security Reviews
  4. User Review of Splunk Enterprise Security