Splunk Enterprise Security

Splunk Enterprise Security (ES) is a SIEM software that provides insight into machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information to enables security teams to quickly detect and respond to internal and external attacks to simplify threat management while minimizing risk and safeguarding business

Languages supported:

8.4/10 (Expert Score) ★★★★★
Product is rated as #16 in category Security Information and Event Management (SIEM) Software
Ease of use
8.0
Support
8.6
Ease of Setup
7.5

Splunk Enterprise Security is an analytic-driven SIEM solution that can combat threats with actionable intelligence and advanced analytics at scale. With the goal of perfecting your security operations and reducing risks, Splunk is the security platform that enables you to detect, investigate, and respond in real-time. With Splunk, you can streamline your entire security stack, minimize unplanned downtime, and explore and visualize business processes for increased transparency all in one platform.

Splunk Enterprise Security
Splunk Enterprise Security

Show more categories

Customer Reviews

Splunk Enterprise Security Reviews

User in Information Technology and Services

Advanced user of Splunk Enterprise Security
★★★★★
The best SIEM out there, if you're willing to learn

What do you like best?

You can customize all aspects of the platform, automate workflow actions, design rules with detailed drill down searches, enrich the notables with valuable context, and if you're willing to get creative and hack it a little bit, you can do unexpected things.

If you choose to follow this route, there is a great and active community ready to help you achieve even the weirdest of goals.

What do you dislike?

Hard to ensure the logs are processed into CIM compliance, if this is not done right, the product becomes mediocre. This process can require professional services and lots of maintenance.

Recommendations to others considering the product:

Invest in training your personnel properly, since it's very easy to misuse this tool and get low performance or inconsistent results. Also adhere to logging standards, Splunk ES works amazingly as long as you keep your logs CIM compliant and in good shape, if that's not the case you'll get an expensive, unreliable, and even slow tool.

What problems are you solving with the product? What benefits have you realized?

Using it as a SIEM, allowing to generate alerts for the SOC to triage and then kick off more in-depth investigations, providing different views of your overall security stance under the concept of domains, you can analyze dashboards related to hosts, malware, network activity and so on. It also integrates with threat intelligence frameworks so your detection rules have a higher relevance.

Review source: G2.com

Leave a reply

Your total score

B2B Software Guide