Splunk ES, a great tool to use with some caveats!
September 12, 2023
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
I use the product to help monitor, analyze and potentially mitigate certain security issues that may come up. This includes acting as a secondary for escalations and looking at some alerts.
- Monitoring log activity for potential security problems
- The interface for investigations is pretty easy to use
- Enjoy the high-level detail the product gives for alerting
- Nice playground for keeping track of investigations
- Easy to create new notables to track further items.
- Crazy awful latency when loading
- Sometimes the events tab won't show any logs
- Difficult to follow certain parts of investigations, but this is being addressed with Mission Control. (I'm talking about the original interface)
- Fast MTTD but no specific numbers
- Excellent integration with other tools so we don't have to pay for an additional service
I did not choose this product. Overall, although I like ES, I think Sentinel in certain ways is the superior product. The Kusto Query Language is a lot easier to use. For instance, anything that requires manual parsing in a query can be more difficult with this product. Also, some of the logs are hard to find, and you have to have better knowledge of the environment to know which logs you need to look through. It's not just listed on the side.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Not sure
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Splunk Enterprise Security (ES) go as expected?
No
Would you buy Splunk Enterprise Security (ES) again?
Yes