One SIEM to rule them all
Updated July 20, 2022

Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
Using Splunk Enterprise Security is just amazing. Splunk Enterprise Security is like no other SIEM solution.
Splunk gives us:
- Advanced dashboarding and alerting options.
- Real-time security investigations.
- Anomaly detection.
- With MLTK and SPL, we are implementing some advanced use cases which include statistics and ML.
- With lookups and data models, we created many custom models to run our Threat Intel schemas and Threat hunting processes.
Pros
- Security investigation.
- Threat hunting and threat intel processes.
- Search efficiency with data models.
- Creating investigation workflows.
Cons
- Splunk Enterprise Security and UEBA could be one platform.
- Real-time searches could be improved (more real-time searches should be added, etc.).
- Configuration and management is hard for newbies.
- Creating investigation workflows for specific rules or groups.
- Faster search, index retention and weekly updated Security Content.
- Reduced time in Threat intel workflows.
- Schema-on-the-fly indexing --> gives you faster index searches. Even if you use data models, it's 100x faster as well.
- Correlation with other domains easily gives you total visibility and reduces the time to investigate and understand the problem.
- With lookups and trust, you can easily ingest your TI platforms and look for backlog and real-time data.
- Splunkbase
- RBA is using unsupervised learning also, so it's not like Qradar or McAfee. If we look at Qradar or McAfee, they are giving some magnitude values with static rules and define incident levels with that.
- Advanced investigation options and out-of-the-box security metrics tell you where you are.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes
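The review mentions three things together: data models for search efficiency, lookups for matching threat intel, and risk scoring (RBA). The SPL below is an added example, not the reviewer's search and not Splunk's shipped ES threat intel framework (which uses its own threatintel lookups and risk adaptive response action). It assumes a hypothetical CSV lookup named `ti_domains` with columns `domain`, `threat_key` and `threat_collection`, and that the Web data model is accelerated; both names are assumptions for illustration.

```spl
| tstats summariesonly=true count min(_time) AS first_seen max(_time) AS last_seen
    FROM datamodel=Web
    WHERE earliest=-24h
    BY Web.src, Web.dest
| rename Web.* AS *
| lookup ti_domains domain AS dest OUTPUT threat_key, threat_collection
| where isnotnull(threat_key)
| eval risk_score = 40 + 10 * min(count, 5)
| eval first_seen = strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen  = strftime(last_seen,  "%Y-%m-%d %H:%M:%S")
| sort - risk_score
| table src, dest, threat_key, threat_collection, count, first_seen, last_seen, risk_score
```

The `tstats` pass reads only the accelerated summary instead of raw events, which is where the data model speed-up comes from; the `lookup` then enriches each source/destination pair against the threat list, and `isnotnull(threat_key)` keeps only matches. The `risk_score` formula is arbitrary here, capping the contribution of repeat hits at five, and stands in for whatever weighting a real RBA deployment would assign before the result is written to a risk index.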