Share your experience using Blackberry AtHoc

When configuring our use cases and describing the overall purpose of Splunk Enterprise Security, I would focus on the main use cases that I encountered with this tool.

The ease of use and building queries, specifically SQL queries, is notably beneficial as it is easy to build, and the data model itself is very simple. The advanced correlation capabilities are very useful for identifying patterns or malicious activity of users.

I have worked with Splunk Enterprise Security for two years.

I have contacted the Splunk Enterprise Security support team once, but mainly the other team responsible for onboarding contacted them.

I am preparing my master's degree and conducting this review for completing it at KFUPM University, King Fahd University of Petroleum and Minerals, located in Saudi Arabia, to prepare for my defense. I have experience with blue team tools, specifically Splunk Enterprise Security and some other solutions.

The company name is Cyberani Solutions, and my email is first name dot last name at cyberanisolutions.com. PeerSpot will create an account and email the login credentials, and my feedback will be published and possibly shared with third parties if I choose to not remain anonymous.

I would rate Splunk Enterprise Security an eight.

I'm a technical support engineer for Cortex XDR at the moment and in my company, we are selling the Cortex XDR solution to other companies. 

I also have experience with Splunk Enterprise Security and CrowdStrike too; we are using those products in my company. For Splunk Enterprise Security, I am using the Enterprise Security module and base Splunk for developing rules.

The deployment server is very good and is one of the best features of Splunk Enterprise Security for me; you can use that deployment server even for distributing any agents, upgrading automatically, and universal forwarders. Its search is very flexible, allowing you to search anything by typing a sentence.

Splunk Enterprise Security is a wonderful solution, however, the background configuration process could be better as the administration process is very complicated. As an analyst rather than a Splunk engineer, some background configurations might be easier.

I'm working with Splunk Enterprise Security for six months, however, I have been using Splunk for one year.

Splunk Enterprise Security is a very stable product; I have never been in trouble with any stability problems if you set it up correctly.

I would give support a seven out of ten as Splunk Enterprise Security's advanced support is very skillful, however, to reach that advanced support, first they send you some beginner-level support that mostly does not solve problems for me. That said, when they escalate it, it completely finds a solution.

Before Splunk Enterprise Security, I didn't use any other solution.

I did not set up the Splunk Enterprise Security; my admin colleagues from another department set it up for me.

I'm just using and revising the rules. I'm a Cortex admin, so I'm involved in the process for Cortex, not for Splunk Enterprise Security.

My company is a partner with Splunk Enterprise Security. As an engineer and layer two security analyst, I'm solving problems with Splunk Enterprise Security, editing rules on customers, reviewing alerts, and developing rules.

I'm not aware of the price of the tool. My company and other departments arange the licensing. 

On Splunk Enterprise Security, we imported from the content library, specifically from the content management page that contains many rules; we are importing rules from there, enabling rules, and editing them. I'm not a deep down administrator of Splunk Enterprise Security, so I'm not arranging the data models. I'm mostly editing the rules.

On a scale of one to ten, I rate Splunk Enterprise Security an eight out of ten.