Overall Satisfaction with Splunk Enterprise Security (ES)
Splunk ES is used as the SIEM solution in my organization for centralized logging and monitoring of threats. We create new use cases as per our environment's requirements and also leverage the different Analytic Stories published by Splunk and tune them to our requirements. Splunk Incident Review is used for analysts' eyes-on-glass monitoring on a 24x7 basis.
Splunk ES is the single platform the SOC team uses to ingest new threat intelligence, manage assets, identify threats, and also work towards identifying new threats.
Splunk ES can also be used to develop business use cases which focus on operational metrics; once triggered, the alerts are sent out as notifications to different business teams.
- Threat Intelligence Management - Splunk ES does a great job of automating intelligence collection from different sources such as STIX/TAXII feeds, other third-party sources, as well as an internally built IOC repository.
- Incident Review - The Incident Review tab is the single most important view in Splunk ES; it provides analysts with a crisp view of all newly triggered alerts and also provides enough filtering options.
- The Search tab - The Splunk Search tab is a very powerful utility for working on custom queries in SPL, investigating ad-hoc detections, and working towards building new use cases. This is where the real deep-dive investigation truly happens.
- Investigations - The Splunk Investigations tab provides an analyst with a unified view of all details pertaining to an incident, and it helps in faster triaging and remediation of incidents.
- Alert Suppression - There should be a more user-friendly mechanism for performing alert suppressions, and also a single console to track all use cases that have suppression enabled and what those suppressions are.
- Extraction of new fields could be made simpler, with fewer items to select, so that even beginner-level analysts can extract fields as per their requirements.
- There should be dedicated options to search for IOCs in Splunk. The SOC needs to hunt for IOCs on a daily basis, and a copy-paste style of IOC hunting would help instead of having to write queries.
- Greater visibility into the organization's infrastructure.
- Faster detection and response (MTTD, MTTA and MTTR were reduced).
- Improved storytelling with ES Investigations feature.
- Better intelligence management and risk reduction.
Splunk ES is by far the best solution in the market in terms of flexibility, features and support. Cost-wise, it is the most expensive option to go with, but that has its own advantages, as the product we get is premium and superior to other SIEMs. The best thing about Splunk ES is that it can also serve as a business intelligence tool for data analytics, so both security and business teams can create use cases and monitor dashboards as per their needs.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes