The Best SIEM Solution the market has to offer!
June 21, 2022

The Best SIEM Solution the market has to offer!

Saibal Banerjee | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk ES is used as the SIEM solution in my organization for centralized logging and monitoring of Threats. We create new use cases as per our environment requirement and also leverage the different Analytical stories published by Splunk and tune them to our requirements. Splunk Incident review is used for Analysts Eye on the glass monitoring on a 24*7 basis.

Splunk ES is the single platform the SOC team uses to ingest new Threat Intelligence, Manage Assets, identify and also work towards identifying new threats.

Splunk ES can also be used to develop business use cases which focus on operational metrics and the alerts once triggered are sent out as notifications to different business teams.
  • Threat Intelligence Management - Splunk ES does a great job in automating the Intelligence collection from different sources like STIX and TAXII feeds, other third-party sources as well as internally built IOC repository.
  • Incident Review - The Incident Review tab is the single most important view on the Splunk ES which provides analysts with a crisp view of all newly triggered alerts and also provides enough filtering options.
  • The Search tab - The Splunk search tab is a very powerful utility to work on custom queries in SPL and also investigate ad-hoc detections and work towards building new use cases. This is where the real deep-dive investigation truly happens.
  • Investigations - The Splunk Investigations tab provides a unified view of all details pertaining to an incident to an analyst and it helps in faster triaging and remediation of incidents.
  • Alert Suppression - There should be a more user-friendly mechanism of performing alert suppressions and also a single console to track all use cases that have suppression enabled and what are those suppressions.
  • Extracting of new fields can be made simpler with fewer items to select so that even beginner-level analysts can extract fields as per requirement.
  • There should be dedicated options to search for IOCs in Splunk. SOC on a daily basis needs to hunt for IOCs and a copy-paste style of IOC hunting would help instead of writing queries.
  • Greater visibility of the organization infrastructure.
  • Faster detection and response ( MTTD, MTTA and MTTR) were reduced.
  • Improved storytelling with ES Investigations feature.
  • Better Intelligence management and risk reduction.
The scalability options for Splunk are absolutely insane, it caters to companies as small as a 10-member firm to a company as huge as Walmart. The offering of Splunk as a service over the cloud is great for small-scale companies and the hybrid options are a great solution for organizations that still have not completely migrated to the cloud, so Splunk helps to monitor both their cloud infra as well as on-prem infra.
Splunk ES is by far the best solution in the market as per flexibility, features and support. Cost-wise, it is the most expensive option to go with, but that has its own advantages as the product that we get is premium and superior to other SIEM. The best thing about Spunk ES is that it can also serve as a business intelligence tool for Data Analytics so both Security and Business teams can create use cases and monitor dashboards as per their needs.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?


Are you happy with Splunk Enterprise Security (ES)'s feature set?


Did Splunk Enterprise Security (ES) live up to sales and marketing promises?


Did implementation of Splunk Enterprise Security (ES) go as expected?


Would you buy Splunk Enterprise Security (ES) again?


Having used multiple SIEM solutions over the past 8 years, can confidently say that Splunk is the single most versatile Platform for all Security Monitoring as well as Data Analytics needs. The platform just has enough flexibility for new integrations for apps and also fast rolling out of new features for customers. Also Splunk Docs is one excellent resource to refer to for anything related to Splunk. The platform offers great reporting options for management as well. The dashboards are super customizable so it serves as a perfect suite for any organization that needs to collect data for security monitoring as well as Big Data analytics.

Organizations that do not have a high budget for security, may choose the cloud only instances of Splunk, but if even that is expensive, and the company is too small and doesn't need that much work with data, they are better off with any other affordable alternative to Splunk, like LogRythm or Sentinel One. Splunk is the single most expensive SIEM and well it justifies the cost.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection
Log retention
Data integration/API management
Behavioral analytics and baselining
Rules-based and algorithmic detection thresholds
Response orchestration and automation
Reporting and compliance management
Incident indexing/searching