Splunk Enterprise Security can take our jobs!!
June 20, 2022

Matt Esolen | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We currently use Splunk Enterprise Security for our daily alerting and ticket escalation tool. Automating alerts and notables allows our team to dive deeper into specific alerts that require a human to check. Splunk Enterprise Security allows our team to edit alerts for tools such as EDR and Defender and create alerts without ever having to log in to the actual console.
  • Save Time
  • Automation
  • Custom Configuration
  • Macros
  • Tuning notables
  • Permissions
  • Easy to rule out false positives
  • More time to investigate actual incidents
  • Quick turnaround with reporting when requested
Splunk Enterprise Security is not a perfect solution alone, but if paired with a good team and engineering department it can definitely help and escalate your organization. There are some requirements that a small company with a smaller IT department will not be able to complete. I have been fortunate enough to have started my original Splunk journey 8 years ago, so my knowledge has been growing.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise Security (ES)'s feature set?


Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security (ES) go as expected?


Would you buy Splunk Enterprise Security (ES) again?


As a security engineer, I have created over 100 dashboards in Splunk Enterprise Security to go to different teams across the company. They can be daily, weekly, monthly, or yearly reports, but at the end of the day I know they are getting their information without our team having to apply for any additional support with time we do not always have.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Not Rated
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection
Log retention
Data integration/API management
Behavioral analytics and baselining
Rules-based and algorithmic detection thresholds
Response orchestration and automation
Reporting and compliance management
Incident indexing/searching