Splunk Enterprise Security is especially compelling for large scale organizations and/or those already using the Splunk platform
June 20, 2022

Splunk Enterprise Security is especially compelling for large scale organizations and/or those already using the Splunk platform

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk Enterprise Security is our one-stop-shop for gaining visibility and insight into most of our secops tooling. We currently use it as our primary alerting platform (via Splunk On-Call) and share access/administration with a third-party hybrid SOC. Assets are our biggest pain point, with our current methodology relying on reading a CSV each day, performing data cleaning/sanitization, and using macros to define key fields like category and risk. This is really only feasible for our critical assets, so the remaining hosts are very inconsistent and unreliable at times, especially for our cloud assets.
  • Powerful searching
  • Handles large sets of logs
  • Integrates with our sec-ops tooling
  • Out of the box correlation searches
  • Out of the box RBA
  • Out of the box data normalisation
  • Allowing fine control of user access
  • Reduced operating costs
  • Faster MTTD
  • Faster MTTR
Flexibility is definitely there, not much more to say
LogRhythm is a superior SIEM from a purely security/SOC perspective in my opinion. However, Splunk shines if you have an expert behind the wheel or if the organization is quite large - as my experience with LogRhythm indicated it couldn't handle large-size organizations.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Not sure

Are you happy with Splunk Enterprise Security (ES)'s feature set?


Did Splunk Enterprise Security (ES) live up to sales and marketing promises?


Did implementation of Splunk Enterprise Security (ES) go as expected?


Would you buy Splunk Enterprise Security (ES) again?


Large organizations, especially with an existing Splunk platform in place, are most suited for Splunk Enterprise Security. Smaller organizations, especially those with minimal sec-ops experience or staffing would probably not get the immediate value expected from an investment into a SIEM solution. Competitors like LogRhythm are more closely aligned with the small business ideology.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection
Log retention
Data integration/API management
Behavioral analytics and baselining
Rules-based and algorithmic detection thresholds
Response orchestration and automation
Reporting and compliance management
Incident indexing/searching