Splunk ES Review
September 06, 2023

Splunk ES Review

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's security and security hygiene. Splunk ES is a service we offer to our clients as an MSSP and SOC-as-a-service, giving potential customers another great option to use for their own organization.

Pros

  • Breakdown event logs into easy-to-search fields
  • Provide relevant trends and metrics for events
  • Develop dashboards and notables to track security-relevant details

Cons

  • Ease-of-use for new users
  • Better options to export events/notables
  • More streamlined UI
  • Faster MTTR
  • Training ended up being costly, but over projected to be high ROI over time
  • Dashboards provide better context for our executives
It is very easy to connect data sources and manipulate data sets of any size
AlienVault is much more user and beginner friendly, however Splunk ES very much so provides more capability for mass data manipulation, report and dashboard customization, and trend analytics.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security (ES) go as expected?

I wasn't involved with the implementation phase

Would you buy Splunk Enterprise Security (ES) again?

Yes

It has nearly limitless potential for security uses, but the learning curve is very steep

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection
9
Correlation
9
Event and log normalization/management
9
Deployment flexibility
6
Integration with Identity and Access Management Tools
6
Custom dashboards and workspaces
9
Host and network-based intrusion detection
8
Log retention
10
Data integration/API management
6
Behavioral analytics and baselining
6
Rules-based and algorithmic detection thresholds
6
Response orchestration and automation
9
Reporting and compliance management
9
Incident indexing/searching
10

Comments

More Reviews of Splunk Enterprise Security (ES)