Aligning on Splunk means a cheaper and far more flexible security monitoring solution.
August 02, 2022


Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We have been using Splunk Enterprise Security for a couple of years as our security monitoring solution. We needed another supplier, as the previous one was too big for our needs, and Splunk offered us a way to fit our requirements and a little bit more. We started with a few use cases but have since expanded into a complete monitoring solution.
  • Very customisable.
  • With a little knowledge you can do elaborate searches.
  • Continuous security monitoring.
  • The product is pricey.
  • Learning curve is steep.
  • Far better security monitoring compared to our previous choice of product.
  • Though the learning curve is steep, the rewards are excellent: customisation and endless SPL query variations for finding anomalies.
  • Splunk is pricey, but even then it is cheaper than our previous SOC/SIEM solution.
Splunk ES is very customisable and scalable in its implementation. We use the cloud-hosted version but have some locally installed modules for efficiency. We are an international company and have aligned our SIEM solution on Splunk ES. This works very well, and though each country is 90% separate, the remaining 10% is shared.
Even though Splunk ES is not the cheapest solution on the market, we found it was still cheaper compared to Secureworks, which we had before. Also, the level of flexibility and "thinking with the customer" is much better now.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

If you need a very customisable SIEM product, this is a very good contender in the SIEM market. Having used SaaS solutions before that were not very customisable, Splunk ES is a welcome product. It has wide user adoption, so even the user-driven support is great; this helps a lot in creating your queries.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 8
Event and log normalization/management: 9
Deployment flexibility: 7
Integration with Identity and Access Management Tools: 8
Custom dashboards and workspaces: 9
Host and network-based intrusion detection: 8
Log retention: 8
Data integration/API management: 7
Behavioral analytics and baselining: 7
Rules-based and algorithmic detection thresholds: 8
Response orchestration and automation: 8
Reporting and compliance management: 7
Incident indexing/searching: 8

Using Splunk Enterprise Security (ES)

20 - Our internal security operations team of 6 uses the Splunk instance daily. We also use a third-party SOC, which has access as well.
6 - We have an international security operations team of 6 that uses Splunk ES on a daily basis. They also create SPL queries and dashboards for internal use. Any advanced-level Splunk usage is directed to our third-party SOC people.
  • Continuous security monitoring.
  • Creating dashboards for internal use.
  • Our previous SIEM didn't allow us to create our own queries. Having Splunk allows us to both learn more and get more information out of our log data.
We are very happy with Splunk and would advise anyone to take a serious look at it. It might look pricey but the rewards Splunk offers seem endless.