Splunk Enterprise Security Manufacturing Reviews & Insights

Score: 9.8 out of 10

253 Reviews and Ratings

Community insights

TrustRadius Insights for Splunk Enterprise Security (ES) are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.

Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.

Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.

Splunk Enterprise Security Reviews

8 Reviews
Manufacturing: Automotive (1), Electrical & Electronic Manufacturing (1), Machinery (1), Pharmaceuticals (1), Computer Hardware (1), Defense & Space (2), Aviation & Aerospace (1)

Splunk ES Alert Reduction

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

Our analysts use ES to gain a broad perspective on all the security events coming in from our customer devices. We have multiple internal customers with different environments, so it’s useful having a central place in each SIEM to find events. ES is vital to our business as it allows us to use risk based alerting, which decreases the amount of alerts our analysts have to review each day. We’re able to easily tune these rules to filter out false positives and noisy notables to ensure our analysts have an easy time identifying real threats in a timely manner.

Pros

  • Risk based alerting
  • Single pane of glass
  • Easy to use UI

Cons

  • Sometimes runs slowly
  • Some incident review panels have never worked in our environment
  • More dashboards

Likelihood to Recommend

It is well suited for our analysts reviewing the alerts that come in each day. The risk based alerting system allows us to tune detections to eliminate noisy notables and ensure our analysts don’t get stuck dealing with alert fatigue. The information generated by ES allows us to create dashboards that easily communicate our accomplishments to higher leadership.
Vetted Review
Splunk Enterprise Security
3 years of experience

The Power and Robustness of Splunk Enterprise Security

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

Splunk Enterprise Security has helped me detect threats in real time and analyze alert generation and investigations. It also handles log management and retention. I also use it for data visualization and analysis.

Pros

  • Superb reporting and visualization abilities.
  • Offers for creation and customization of dashboards used for file, log, and data monitoring.
  • Allows for collection of data from multiple sources.

Cons

  • The only issue I have with this software is that its pricing is quite high.

Likelihood to Recommend

Splunk Enterprise Security is well suited to departments or organizations that have to deal with issues of real-time alerting to deal with threats ASAP.

Excellent log analysis and monitoring tool for software and hardware

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

In terms of log analysis and monitoring, it is one of the best tools available. It uses charts and graphs to present data in a way that is highly interactive. It also has a simple integration process. In terms of ease of use, the UI is excellent.

Pros

  • A variety of threats can be more easily understood and managed.
  • Provide assistance to departments responsible for ensuring company compliance
  • The correlation searches make it easier to complete the task.

Cons

  • Customizing an investigation is more difficult than you might think.
  • A more user-friendly user interface
  • Incorporate some of the classic dashboard features into the Glass table's functionality.
  • When moving from the homepage to another page, we notice a larger delay in response time.

Likelihood to Recommend

As a hardware engineer, I use ES on a daily basis to protect our clients' hardware, and I recommend it to all security analysts because it combines threat detection features with exceptional security incident management. All structured and/or large companies should be able to benefit from it, in my opinion. Small businesses find it difficult to implement because of the high costs. System flaws, industrial espionage through networks of computer devices, or models that we believe to be safe thanks to Splunk have occurred repeatedly in our cases.
Vetted Review
Splunk Enterprise Security
1 year of experience

Security and better performance with Splunk

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

We use Splunk to apply analytics techniques to gain business insights. The applications generate information (logs) that is stored in their own files; in this way we improve the analysis of our data. Grouping the log files in a single place makes it easy to analyze the performance of our system and continuously propose possible improvements. It allows us to debug the applications, that is, to carry out the necessary tests to prevent possible problems.

Pros

  • Easy installation and minimal need for hardware resources for its use
  • It has a huge community behind it and has extensive and detailed documentation.
  • Semi-structured data logging, using the JSON format.
  • Supports multiple languages.
  • Architecture based on an extensive catalog of plugins (in_http, in_tail, out_mongo, out_webhdfs, out_kafka2…) that allows us to extend its functionality.
  • It features high stability and good performance.
  • Excellent configuration of alarms and triggers.
  • Extraction of additional information, secondary data can be accessed, such as the HTTP codes of requests to servers invoked by the APIs of our programs.

Cons

  • Splunk has, mainly, two negative aspects. The first, which is rather subjective, is that it is an on-premise solution, which implies a configuration that is costly both in terms of money and complexity.
  • To deploy it in a high-scale environment, a dedicated cluster will need to be installed and configured. As a developer, that's not often what you could or would want to do, at least not as a first option.
  • The second con of Splunk is that it is expensive. To support a real-life application, tens of thousands of dollars will be needed.

Likelihood to Recommend

Splunk is packed with features to reduce and search huge amounts of data. Among all the SaaS log analysis tools, it is probably the richest in possibilities. Likewise, the fact that it is a service offered in the cloud implies a simpler configuration and operation. One of Splunk's main strengths is its ability to set benchmarks and actively notify you when key stats change after a certain event, such as a new release or porting attempt.

Best siem on the market

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

The module performs data analysis within our Data Indexers. Everything related to the administration of the elements of operation, including alarms, the administration of our cases, the workflow, the automated responses, and the administration of the platform is carried out by the administrators of this platform. There is a module for interaction with the platform that we have installed in stand-alone mode and in multiple instances. We can also find the Cloud which is a complementary solution provided through a cloud service that provides UEBA capabilities.

Pros

  • It supports a flexible architecture and great ease of scaling.
  • It provides us with a wide variety of complementary applications related to use cases such as Security Essentials and Stream.
  • The entire architecture can be implemented on physical or virtual machines, as well as in the cloud.
  • It also provides us with SaaS solutions or by the client.
  • It natively allows us solutions of type MSPs and MSSP.
  • Wide range of native analysis that is used to generate a very robust SIEM solution.
  • It has several modules such as Splunk ES, Splunk UBA, and Splunk Phantom which work perfectly.

Cons

  • One disadvantage of Splunk is that it is intended to be deployed in large organizations, offering a robust platform for detecting and responding to existing threats. Although it is preferably prepared to provide solutions to large companies, it can also be implemented within smaller organizations, adapting its content to the environment where it is implemented.

Likelihood to Recommend

It is centrally integrated to manage and improve the detection of our security threats, instead of using other types of native and complementary tools. Integrations with these appliances are done through our applications and plugins that we can find within Splunkbase, all of this using the APIs. Splunk Stream uses the collection of our network traffic to determine the application and the protocol, even if it is encrypted. All this is sent for later analysis.
Vetted Review
Splunk Enterprise Security
2 years of experience

Splunk Review

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

Splunk provides us with excellent SIEM and security enhancement with in-depth log analysis that makes it a very well-suited software for our business. For the company, it generated a large volume of records and data from our users, customers, and suppliers. Splunk has become one of the best options since it offers us security analysis and event management in a matter of minutes. Thanks to this SW we monitor all the company's data in real-time.

Pros

  • It allows us to stream logs over HTTP/HTTPS. Supports Docker, AWS, Syslog, Heroku, Windows, and Linux logs. We can even create custom parsing rules for a new format
  • It has other features that make it one of the best options. It has a large number of tools, analyzes and indexes all data including machine data, event logs, server logs, and network events
  • We can monitor activity and issues in our facilities so we can see what can be improved and things that need to be removed from the infrastructure to increase performance.

Cons

  • Splunk is expensive. For large-scale companies where data is a top priority, it is perfect for adapting to all needs.
  • Splunk has another drawback of providing slower seek speed.

Likelihood to Recommend

For ingesting structured, unstructured, and semi-structured data sets it works great. It allows us to convert the data for different platforms, services, and applications. It is not a shipping or records management service; it only serves its collection of data and routing of that to the destination address. There are plugins that we can add to the system to perform another task that may not come in the package. We can create search parameters and apply them without writing a query. We can use them as alerts for updates and notifications. We can monitor our data in real time without losing valuable information. Splunk helps us catch new bugs so we can remove them faster before they spread. Also, the web user interface is simple and easier to navigate.

Splunk for the win.

Rating: 1 out of 10
Incentivized

Use Cases and Deployment Scope

We implemented Splunk Enterprise to monitor our network and employee users. We use Splunk to be on top of cyber security, which lets me monitor our firewall and any suspicious activity employees do. It alerts me when a user gets locked out or if a user is taking privileged actions. It also lets me know who is trying to access our network from the outside world.

Pros

  • Monitoring Users.
  • Monitoring firewalls and switches.
  • Alerting on specific activities.

Cons

  • Smaller learning curve.
  • Additional apps.
  • More informational help.

Likelihood to Recommend

Splunk Enterprise is less suited for businesses with fewer employees or where cybersecurity is not a big factor for them. It is well suited for mid-sized businesses to keep on top of everything that's going on within the business. It alerts me when an employee gets locked out and alerts me when an external IP address is trying to access our firewall.

Thoughts from a Splunk Administrator - Who had zero Splunk experience before starting!

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We utilize Enterprise Security at my organization to provide Enterprise Security Overview briefing on a weekly basis. Enterprise Security has been proven useful when understanding the security "health" of our organization. We don't currently utilize the investigative features of Enterprise Security, mostly due to the lack of resources. (I'm the sole Splunk Admin).

Pros

  • Detecting events of interest that could be security risks
  • Once set up, Enterprise Security is almost a full SIEM
  • Providing a birds-eye view of the Security posture of an organization
  • Integrating with IDS/IPS, Vulnerability Scanners, and other databases to enrich your data.

Cons

  • The initial setup could be more user-friendly. After a year of working with the organization, I still do not have ES fine-tuned. While we could pay to have Professional Services come out and spin up everything, it's not fair to have purchased a product like Enterprise Security and receive little to no instruction on setting it up. What does fine-tuning your notable events look like? What data should be mapped to the data models? What do I do when an ES index is not populating? If my Identity notables are not populating, where do I look? What does a healthy asset & identity manager look like?
  • I've placed tickets into Splunk Support for issues like these and to be fair, a premium product like Splunk does not offer premium support.

Likelihood to Recommend

Splunk Enterprise Security could be used for a broad array of organizations. We have entered the data age where data is gold. Splunk Enterprise Security allows you to work in tandem with Splunk to notify on Interesting/Notable events. If a company has the resources to dedicate a full team (more than one person) I believe any organization will appreciate what Splunk Enterprise Security has to offer. Enterprise Security is more of an investment to protect your data.