Splunk ES Alert Reduction
July 21, 2023
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
Our analysts use ES to gain a broad perspective on all the security events coming in from our customer devices. We have multiple internal customers with different environments, so it’s useful having a central place in each SIEM to find events. ES is vital to our business as it allows us to use risk based alerting, which decreases the amount of alerts our analysts have to review each day. We’re able to easily tune these rules to filter out false positives and noisy notables to ensure our analysts have an easy time identifying real threats in a timely manner.
- Risk based alerting
- Single pane of glass
- Easy to use UI
- Sometimes runs slowly
- Some incident review panels have never worked in our environment
- More dashboards
- Mean time to detection
- Mean time to response
- Communication with higher management
- Alert fatigue reduction
- Splunk User Behavior Analytics (UBA)
Splunk Enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue, which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review all of them.
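The reviewer describes risk based alerting as the thing that turned thousands of daily alerts into a reviewable number. The following Python block is an added example, not code from the review or from Splunk, that shows the mechanism behind that reduction: individual detections do not page an analyst, they write low-value "risk events" against an entity, and a notable is only raised when an entity's aggregated risk over a window crosses a score threshold or trips several distinct rules. The field names (risk_object, risk_object_type, risk_score, search_name), the 24-hour window, the threshold of 100 and the suppression list are assumptions chosen to mirror common ES conventions; the sample events are constructed. It also shows the tuning the reviewer mentions, suppressing a known-noisy rule for a service account, as a filter applied before aggregation.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample risk events (not real data). Field names are an
# assumption modelled on the ES risk index; the aggregation itself is generic.
RISK_EVENTS = [
    {"_time": "2023-07-20T10:00:00", "risk_object": "alice", "risk_object_type": "user",
     "risk_score": 20, "search_name": "Unusual Login Time"},
    {"_time": "2023-07-20T14:00:00", "risk_object": "alice", "risk_object_type": "user",
     "risk_score": 30, "search_name": "Rare Process Execution"},
    {"_time": "2023-07-21T02:00:00", "risk_object": "alice", "risk_object_type": "user",
     "risk_score": 40, "search_name": "New Admin Group Member"},
    {"_time": "2023-07-21T08:30:00", "risk_object": "alice", "risk_object_type": "user",
     "risk_score": 30, "search_name": "Outbound to Rare Domain"},
    {"_time": "2023-07-21T01:00:00", "risk_object": "bob", "risk_object_type": "user",
     "risk_score": 60, "search_name": "Malware Signature Match"},
    {"_time": "2023-07-21T03:00:00", "risk_object": "bob", "risk_object_type": "user",
     "risk_score": 10, "search_name": "Unusual Login Time"},
    # A backup service account that fails logins constantly: noisy, known-benign.
    *[{"_time": f"2023-07-21T04:0{i}:00", "risk_object": "svc_backup", "risk_object_type": "user",
       "risk_score": 25, "search_name": "Excessive Failed Logins"} for i in range(5)],
    # Old event, outside the 24h window relative to the evaluation time below.
    {"_time": "2023-07-18T12:00:00", "risk_object": "carol", "risk_object_type": "user",
     "risk_score": 200, "search_name": "Malware Signature Match"},
    # Low scores individually, but three different rules fired on one entity.
    {"_time": "2023-07-21T05:00:00", "risk_object": "dave", "risk_object_type": "user",
     "risk_score": 10, "search_name": "Unusual Login Time"},
    {"_time": "2023-07-21T06:00:00", "risk_object": "dave", "risk_object_type": "user",
     "risk_score": 10, "search_name": "Rare Process Execution"},
    {"_time": "2023-07-21T07:00:00", "risk_object": "dave", "risk_object_type": "user",
     "risk_score": 10, "search_name": "Outbound to Rare Domain"},
]

# Tuning: drop risk from a specific (entity, rule) pair that is a known false positive.
# Keeping this narrow (one rule for one object) avoids blinding the SOC to that account.
SUPPRESSIONS = [{"risk_object": "svc_backup", "search_name": "Excessive Failed Logins"}]


def apply_suppressions(events, suppressions):
    """Remove risk events matching any (risk_object, search_name) suppression."""
    keys = {(s["risk_object"], s["search_name"]) for s in suppressions}
    return [e for e in events if (e["risk_object"], e["search_name"]) not in keys]


def aggregate_risk(events, now, window_hours=24, score_threshold=100, min_distinct_rules=3):
    """Sum risk per entity inside the window; emit one notable per entity that
    either exceeds the score threshold or was hit by >= min_distinct_rules rules."""
    cutoff = now - timedelta(hours=window_hours)
    by_entity = defaultdict(list)
    for e in events:
        if datetime.fromisoformat(e["_time"]) >= cutoff:
            by_entity[(e["risk_object_type"], e["risk_object"])].append(e)

    notables = []
    for (otype, obj), evs in sorted(by_entity.items()):
        total = sum(e["risk_score"] for e in evs)
        rules = sorted({e["search_name"] for e in evs})
        if total >= score_threshold:
            reason = "score"
        elif len(rules) >= min_distinct_rules:
            reason = "distinct_rules"
        else:
            continue  # stays as context in the risk index, never becomes an alert
        notables.append({"risk_object_type": otype, "risk_object": obj,
                         "total_score": total, "rules": rules,
                         "contributing_events": len(evs), "reason": reason})
    return notables


def run_example(now=datetime(2023, 7, 21, 9, 0, 0)):
    """Return (raw event count, notables) so the reduction is visible."""
    filtered = apply_suppressions(RISK_EVENTS, SUPPRESSIONS)
    return len(RISK_EVENTS), aggregate_risk(filtered, now)


if __name__ == "__main__":
    raw, notables = run_example()
    print(f"{raw} raw risk events -> {len(notables)} notables")
    for n in notables:
        print(f"  {n['risk_object']}: score={n['total_score']} rules={n['rules']} ({n['reason']})")
```

Without RBA each of the 15 constructed events would have been its own alert; with it, only alice (score 120) and dave (three distinct rules) reach the queue, the service account is tuned out by a single narrow suppression, and carol's stale event ages out of the window. The distinct-rules condition matters: a low-score entity that trips several unrelated detections is often more interesting than one high-scoring noisy rule, which is why a threshold on score alone is a weak aggregation policy.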
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
No
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
Yes
Did implementation of Splunk Enterprise Security (ES) go as expected?
Yes
Would you buy Splunk Enterprise Security (ES) again?
Yes