TrustRadius: an HG Insights company

Splunk Enterprise Security

Score9.7 out of 10

253 Reviews and Ratings

Get a Demo

Top Performing Features

+3%

Centralized event and log data collection

Effectiveness of real-time centralized event and log data collection

Cat avg: 9

+15%

Custom dashboards and workspaces

dashboards that can be customized to meet the needs of specific groups

Cat avg: 8

+5%

Incident indexing/searching

Effectiveness of searching across structured and unstructured events and incidents within SIEM

Cat avg: 8.8

+4%

Reporting and compliance management

Ease and quality of reporting and compliance functions

Cat avg: 8.3

Worst Performing Features

-2%

Response orchestration and automation

Quality of built-in response orchestration and automation in Next-Gen SIEM

Cat avg: 7.1

+2%

Behavioral analytics and baselining

How effectively activity and behavior baselines are established and maintained

Cat avg: 7.5

+1%

Integration with Identity and Access Management Tools

Integration with access control tools like Active Directory and LDAP

Cat avg: 7.7

Splunk Enterprise Security Features from Reviews

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.4+5%

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 9

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.5

  • Deployment flexibility

    Ability to tune system to maximize threat detection and minimize false positives

    Category average: 7.7

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 7.7

  • Custom dashboards and workspaces

    dashboards that can be customized to meet the needs of specific groups

    Category average: 8

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

    Category average: 7.4

  • Data integration/API management

    Ease and quality of data integrations between SIEM and other systems

    Category average: 8.1

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.5

  • Rules-based and algorithmic detection thresholds

    Effectiveness of manually-established rules and algorithmically-determined detection thresholds

    Category average: 8.2

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.1

  • Reporting and compliance management

    Ease and quality of reporting and compliance functions

    Category average: 8.3

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM

    Category average: 8.8