TrustRadius Insights for Splunk Enterprise Security (ES) are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
It's easy to build queries & integrate with other systems and applications. There are a lot of add-ons you can integrate with Splunk that can save you a lot of time. Correlation and investigation are easy due to Splunk's effective data parsing capability. There are endless options to customize searching. It provides a very accurate Data Analytics platform that can be adopted by users of all levels, e.g. from tools like Data Tables for novices to Splunk's Web Framework for experts.
Pros
It gives visuals to the client when we select a graphical portrayal, enabling us to change signs into visual outlines, for example, pie outlines, diagrams, tables, and so on.
Dashboard UI is intuitive and exceptionally educational, so one can easily find whatever they are looking for.
Cons
Sometimes, it's very, very slow! It also takes a long time to refresh.
UI for pattern searching can be a little better.
Likelihood to Recommend
Well Suited: What we admire most about Splunk is the significant improvements and capabilities it brings to the software with every major release. It is simply mind-blowing and easy to set up from a backend developer's point of view, as it is compatible with existing popular enterprise frameworks using microservice architecture (Spring Boot). Less Suited: Their enterprise plans are frankly costly. Cost-wise, maybe it won't be suitable for small startups.
We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom Correlation alerts to paint the bigger picture effectively. Create Sophisticated Dashboards and reports using multiple data sources for better and non-redundant visualization. Create some basic automation like CSV updates. Perform Threat Hunting to discover unknown threats. Manage Incidents in one place and track Analyst Performance.
Pros
Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
Cons
Dashboard Builder: It needs more out-of-the-box panels for beginners to learn.
Autofill: The query autofill isn't that great. It needs better suggestions for beginners especially.
Speed: The speed of the search isn't that great. It can be improved. For some queries, it takes too long.
Error handler: The error messages in the case of wrong syntax can be more descriptive. The messages are sometimes vague and are not helpful.
Likelihood to Recommend
Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
VU
Verified User
Engineer in Information Technology (Computer Software company, 1001-5000 employees)
Splunk ES is a very useful and powerful tool as a SIEM platform. We send logs from multiple sources such as Windows servers, Linux, RH, firewalls, WAF, O365, etc. The installation process of the UF is not complicated and the deployment of the information is fast. The language for the visualization of tables or graphs can be a little complicated, but there are guides and KB articles to support these tasks.
Pros
Customization of dashboards
Creating apps based on your needs.
Search queries can be saved for future or even can be converted to apps
Cons
High cost
Slow interface
Likelihood to Recommend
We send logs from multiple sources such as Windows servers, Linux, RH, firewalls, WAF, O365, etc.
VU
Verified User
Professional in Information Technology (Internet company, 5001-10,000 employees)
Splunk Enterprise Security is being used in our company to quickly detect security issues and respond to internal and external attacks. The security department is currently working on exploring all use cases for ES. Splunk is widely used for all types of monitoring, detecting issues, threats, security, cybercrime, DDoS, etc.
Pros
Good graphical UI to learn and detect threat and perform quick recovery action.
ES is very useful in detecting security issues in enterprise infrastructures such as devices, systems, and applications.
Using AI and ML features to detect anomalies and trigger alerts to NOC.
Cons
Limited use cases, need to be expanded and include all the other use cases in the ES to detect security issues.
Likelihood to Recommend
Splunk ES helps my team to detect threats and issues in real time; drilling down into detailed issues has helped in investigating the root cause and solving problems quickly. Our team relies on Splunk log analysis and machine learning for early detection and correction. ES is one of the tools for which we are currently exploring all use cases and trying to build some dashboards for overall monitoring of all technology nodes.
VU
Verified User
Engineer in Information Technology (Telecommunications company, 10,001+ employees)
We use Splunk Enterprise Security to manage ThreatConnect and other security-related issues, as security is the backbone of any industry. We also use it to address Akamai, malicious email, and other network-related threats. This is really helpful to address PCI content and is easy to include or exclude or monitor particular email IDs or websites that may be suspicious.
Pros
Threat Connect
PCI compliance
Akamai
Cons
Maybe more in PCI compliance
And more in malicious emails
Likelihood to Recommend
The Splunk Enterprise Security search head works so well for ThreatConnect and Palo Alto Networks, and the monitoring of incidents and dashboards is working great. We would like to see more AI to help in the detection of suspicious mail activity, as day by day these kinds of activities are increasing, so more scanning with the help of AI would be more helpful.
Splunk Enterprise Security has allowed us to identify possible incidents on our networks while allowing a deep position of disquisition into circumstances. It has addressed a gap in security intelligence by offering links to multiple intelligence feeds while performing active trouble analytics and threat-grounded reporting. Splunk Enterprise Security (ES) stores raw data and manages them according to different attributes. This allows a critic to dig into the data and find implicit pointers of concession to remediate security incidents.
Pros
Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
Logs can be easily uploaded or shared across multiple platforms and displayed as highly insightful graphical representations of data using graphs, tables, and many other formats.
Cons
It has so many features that it took me a while to understand them.
Likelihood to Recommend
A quick dashboard for common issues. It is used for security so that you can see various servers' vulnerabilities, time, and page errors, employee logins, account changes, and incorrect login attempts. Most importantly, it is used against various malware and hackers trying to access it. In short, Splunk Enterprise Security (ES) should be in the toolbox of any organization that needs to protect itself from attack.
VU
Verified User
Engineer in Information Technology (Computer Software company, 501-1000 employees)
Our company has been using the Splunk Enterprise Security solution for a year and a few months. It has made a major upgrade in technical issues of monitoring, detecting, and mitigating cyber threats and external attack attempts. Splunk ES is easy to implement and configure through an intuitive and user-friendly configuration interface. Our IT Infrastructure team uses it every day, 24 hours a day, to monitor and combat cyber threats that try to access and seek security holes in our data network. We created custom routines and rules that have improved the search and mitigation of threats.
Pros
Cyber threat protection with prevention of before, during, and after threat attempts.
Custom reports and display charts.
Full protection 24 hours a day.
Immediate response to attempted attacks.
Stable and fast.
Cons
Improved integration with other third-party tools.
Documentation is a little weak and should be improved.
Likelihood to Recommend
Since the implementation of this tool, we no longer suffer damage due to attacks. This solution allied with the Firewall solution is a wall of protection against any internet threat. The great differential of the Splunk Enterprise Security solution is to provide detection by monitoring the entire network including servers, applications, cloud services, storage systems, and databases, as well as by mitigating and alarming incidents seeking to solve the problem. Splunk's technical support is one of the best. They are very fast and efficient.
VU
Verified User
Analyst in Information Technology (Computer Software company, 10,001+ employees)
We use it to investigate, predict and defend against threats, therefore, ensuring modern infrastructure and flawless uptime. We have automated threat hunting every three months and we have been able to block more than ten thousand threats. Sometimes we offer discounts to our customers which lead to an increase in online traffic and this is bound to create threats to our data. Splunk Enterprise Security enables us to detect those threats and work on them.
Pros
Troubleshooting. It troubleshoots issues faster, hence preventing future disasters.
Live dashboards.
Defense against threats.
Cons
Cost. It's expensive to buy and maintain and uses a lot of data.
Not user friendly as you have to learn syntax before you begin using it.
It needs to be complemented with cloud service to work effectively.
Likelihood to Recommend
Our company had an insertion anomaly that led to inconsistencies due to the omission of some characters, which led to a slowdown of workloads; Splunk Enterprise Security was able to detect and respond with automated workflows that saved us from a lot of losses that were about to be incurred. On the downside, it slows down with large queries.
Splunk has acted as a one-stop solution for all our cyber security requirements. We have extensively used Splunk for log analysis and monitoring. The best part has been the onboarding time required for the team. The ease of use has amazed the entire team. We developed a workflow for monitoring and identifying key issues from the logs that are generated. We initially set up Splunk on our premises, which was easy thanks to the Splunk customer service team. Later our team set up an index to store the data. We also designed a listener to receive the data systematically. Later we installed the Splunk universal forwarder. This specific tool has single-handedly acted as a backbone for the architecture. We set up a forward server to monitor and connected it with the forwarder. Later we developed a program to search and view the generated reports. Finally, the metrics were collected and could be viewed in the dashboard. Windows OS generates logs during its lifecycle. They will be collected; we can also monitor the event log channels and files which are forwarded by the in-Splunk cloud. Creating dashboards and the use of panels in the Splunk applications gives a no-code experience. This architecture ensures high compliance and efficiency and also improves sales/marketing.
Pros
This allowed us to comply with the organizational and global security policies and regulations. This also makes company auditing easier and the response to data breaches a lot easier. The filtering ability for the logs and the latency for search responses are amazing indeed.
The ability for third-party adapters support is phenomenal. There are plenty of configurable options for data and reporting. This also allows the integration of external endpoints.
As a company that generates TBs of data, Splunk's ability to handle large datasets surprises me.
Cons
The product is pretty much on the expensive side.
The User interface and experience could improve as these things matter a lot nowadays. The number of clicks required could be minimized.
The RAM consumption is very huge. Could optimize and improve.
Likelihood to Recommend
In our team, while we had set up the architecture for log analysis, we had load balancers, ingresses, and a full TLS-based deployment. The logs at the ingress-to-server communications were not captured at all. The troubleshooting efforts required to solve this were too much. I think as the system architecture becomes complicated, the efforts in configuring Splunk become complicated too. This could be improved by providing use case-based documentation or more training materials.
Software developers and anyone working in the IT business must pay close attention to the security of the apps they are creating. As a result, Splunk Enterprise Security comes into play, which provides a variety of security services to assist us in safeguarding our web applications. It allows security teams to carry out security policies and to improve security operations on the system with optimized and shorter response times. It also provides capabilities like end-to-end data visibility from numerous sources, enables us to detect and analyze threats earlier and faster, conducts data breach practices and analysis, extensive reporting and many more.
Pros
On a regular basis, user activity dashboards provide a snapshot of the most common threats.
The ability to simultaneously set up several log sources.
In addition to safeguarding network equipment, the domains for network protection also provide detailed statistics on the network's usage.
Cons
The interface might be extremely slow at times, resulting in a prolonged reaction time.
It takes a long time and a lot of effort to install it on a server.
Duplicating dashboards is a waste of time. Creating new dashboards is a regular occurrence for us.
Likelihood to Recommend
Where you need to examine multiple logs to investigate system issues. Aids in large-scale log analysis, which it completes quickly and accurately. As soon as an issue is rectified, it sends out an alert to the relevant persons. This makes true reporting a lot easier. Investigations are aided by the availability of preserved logs. It also provides ideal protection for those of us who design video games to keep system intruders at bay.
VU
Verified User
Project Manager in Engineering (Computer Games company, 1-10 employees)