Splunk ES Review
September 06, 2023

Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's security and security hygiene. Splunk ES is a service we offer to our clients as an MSSP and SOC-as-a-service, giving potential customers another great option to use for their own organization.
Pros
- Break down event logs into easy-to-search fields
- Provide relevant trends and metrics for events
- Develop dashboards and notables to track security-relevant details
Cons
- Ease-of-use for new users
- Better options to export events/notables
- More streamlined UI
- Faster MTTR
- Training ended up being costly, but over projected to be high ROI over time
- Dashboards provide better context for our executives
Splunk ES has definitely helped us attain our security goals. Within our own organization we have been able to improve our own security hygiene, while with clients we have been able to better present their own security concerns or points of focus and provide relevant solutions through dashboards and custom reports.
AlienVault is much more user- and beginner-friendly; however, Splunk ES very much provides more capability for mass data manipulation, report and dashboard customization, and trend analytics.
Do you think Splunk Enterprise Security delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security's feature set?
Yes
Did Splunk Enterprise Security live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Splunk Enterprise Security go as expected?
I wasn't involved with the implementation phase
Would you buy Splunk Enterprise Security again?
Yes