This solution is used more for the analytics available on the platform.
The main use was for a COVID-19 White House initiative that was handled by the Vice President, Michael Pence.
It has been the platform for end-to-end data processing, manipulation, and reporting, and it has greatly improved the org's data reporting effort.
The solution offers very good end-to-end capabilities.
It works very seamlessly. Behind the scenes, the workflow is pretty decent.
The stability is good.
The product can scale.
Technical support is very good.
The workflow could be improved. Although it works rather seamlessly, the workflow is too complicated sometimes. Maybe they can reduce the complexity of the workflow. It could be more modularized in the future.
The performance of the engine could be better.
I've been using the solution for three years or so.
The solution is pretty stable. There are no bugs or glitches. However, the performance could be a bit better.
The solution can scale well. If a company needs to expand, it can do so pretty easily.
The solution has pretty good technical support. They are helpful and responsive and we have been satisfied with their services so far.
Positive
As implementors, we can deploy the solution for our clients. We don't need the assistance of consultants.
We're implementors.
There are still places where the solution has room to improve, but we've been mostly quite happy with it. I would rate the product at a nine out of ten.
I'd advise a company considering the solution to get a technical consultant for the platform. They also have sales training on their website. The modules range from simple to complex. You can do some pretty good self-training with your team if you need to.
I work in security and use Splunk for endpoint and application security, use case development reports, etc. I haven't used Splunk much for threat intelligence. We have a threat intel feed configured, and we create use cases based on those and the recommendations by the threat intel team. If something isn't covered, we create a use case for it. For example, if an application has an authentication interface enabled, we check all their authentication mechanisms and all the login policies.
Splunk speeds up our incident response by enabling us to automate some of the investigation steps, such as finding information about the user or the source of the incident on machines. We can then move directly into the remediation phase and assign those tickets to the remediation team. It also triggers automatic email alerts to the recipient user. If our security analyst wants to see the alert logs or anything, they can easily drill down to identify any information required.
It allows us to configure use cases involving our machine-learning toolkit, and we have an adaptive threshold in ITSI. Using these tools, we can eliminate false positives and do some whitelisting to weed out users who are performing benign activities. Removing the false positives reduces the incident response time.
We can start to see results immediately once we have achieved a steady state. For instance, we can easily show how much our mean resolution time for incidents has fallen and provide metrics in a way that is easy for our clients to understand.
Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier.
Dashboards are useful when we present things to management. They want the numbers and the results. The leaders aren't interested in what we are working on. We need some visualization for our presentations. Splunk has beautiful and useful visualization and dashboard alerts. We can easily create visualizations using the available options and create different types of charts, reports, and graphs that are easy for management to understand. We can also provide our leaders direct access to the dashboards, so they don't need to reach out to our team to get this data or we can automatically send them the reports via email.
Splunk has several useful features, like asset and identity management. If we integrate our asset and identity management properly in this log, it's effortless to identify the user, device, or asset. We can get all the details if we integrate those things into the lookup engine.
It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly.
We have used Splunk for around seven years.
Splunk is highly stable if you meet all the prerequisites and have enough physical memory for your local storage.
If you use the cloud version you can scale as much as your licensing allows. It's easy to scale, upgrade, or add instances according to your needs.
I rate Splunk support 8 out of 10. They're good, but I think there is room to improve because Splunk is the market leader, and they should strive to provide the best possible support.
Positive
I previously used QRadar and ArcSight. Splunk is one of the top products. Compared to Sentinel or QRadar, Splunk is the market leader in features and security. You can integrate application, physical, or cloud security and onboard those logs into Splunk, then tailor it to your requirements.
I've worked on multiple deployment models for Splunk, including hybrid, cloud, and on-prem. The deployment is straightforward. We do a POC and then scale it based on our requirements.
I feel like Splunk is worth our investment.
The cloud version of Splunk is somewhat expensive, but it does provide some flexibility because you do not need engineers to manage the system. Everything is hosted in the cloud because it is a SaaS service. It depends on the usage. It is costly, but every good thing comes at a price.
I rate Splunk Enterprise Security 9 out of 10.
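The second review describes three pieces of a detection workflow: field extraction from raw logs, enrichment from an asset/identity lookup, and an adaptive threshold plus whitelist to cut false positives. The Python below is an added illustration of that workflow, not code from the reviewer, Splunk, or ITSI (which do this in SPL and lookup tables). The identity CSV, the seven-day failure baselines, the whitelist, the log lines and the `user=/src=/result=` field names are all constructed assumptions; the threshold rule (per-user mean plus two standard deviations, falling back to a static default of 3 for users with no history) is a simple stand-in for an adaptive threshold.

```python
import csv
import io
import re
import statistics
from collections import Counter

# Constructed identity lookup table (stands in for a Splunk identity lookup).
IDENTITY_CSV = """user,department,priority
alice,finance,high
bob,engineering,medium
svc_backup,it,low
"""

# Constructed per-user daily failed-login counts for the previous seven days;
# this is the history an adaptive threshold is derived from.
BASELINE = {
    "alice": [1, 2, 1, 0, 2, 1, 1],
    "bob": [0, 0, 1, 0, 0, 0, 1],
    "svc_backup": [3, 4, 3, 3, 4, 3, 4],
}

# Constructed whitelist: service accounts that fail noisily but benignly.
WHITELIST = {"svc_backup"}

# Constructed raw auth events for the current day (syslog-style lines).
RAW_LOGS = """\
2024-05-01T08:00:01Z sshd user=alice src=10.0.0.7 result=failure
2024-05-01T08:00:04Z sshd user=alice src=10.0.0.7 result=failure
2024-05-01T08:00:09Z sshd user=alice src=10.0.0.7 result=failure
2024-05-01T08:00:15Z sshd user=alice src=10.0.0.7 result=failure
2024-05-01T08:00:21Z sshd user=alice src=10.0.0.7 result=failure
2024-05-01T08:00:30Z sshd user=alice src=10.0.0.7 result=success
2024-05-01T09:12:00Z sshd user=bob src=10.0.0.12 result=failure
2024-05-01T02:00:00Z sshd user=svc_backup src=10.0.0.50 result=failure
2024-05-01T02:00:05Z sshd user=svc_backup src=10.0.0.50 result=failure
2024-05-01T02:00:10Z sshd user=svc_backup src=10.0.0.50 result=failure
2024-05-01T02:00:15Z sshd user=svc_backup src=10.0.0.50 result=failure
2024-05-01T02:00:20Z sshd user=svc_backup src=10.0.0.50 result=failure
2024-05-01T02:00:25Z sshd user=svc_backup src=10.0.0.50 result=failure
2024-05-01T11:40:00Z sshd user=carol src=203.0.113.9 result=failure
2024-05-01T11:40:03Z sshd user=carol src=203.0.113.9 result=failure
2024-05-01T11:40:07Z sshd user=carol src=203.0.113.9 result=failure
2024-05-01T11:40:12Z sshd user=carol src=203.0.113.9 result=failure
"""

LOG_RE = re.compile(r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)")


def load_identity_lookup(csv_text):
    """Parse the lookup CSV into {user: {"user", "department", "priority"}}."""
    return {row["user"]: row for row in csv.DictReader(io.StringIO(csv_text))}


def parse_events(raw):
    """Field extraction: turn raw lines into dicts; lines that don't match are skipped."""
    events = []
    for line in raw.splitlines():
        m = LOG_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def enrich(events, lookup):
    """Attach department/priority from the lookup; users not in it get 'unknown'."""
    for ev in events:
        ident = lookup.get(ev["user"], {})
        ev["department"] = ident.get("department", "unknown")
        ev["priority"] = ident.get("priority", "unknown")
    return events


def adaptive_threshold(history, k=2.0, default=3.0):
    """Per-user mean + k * sample stdev of past daily counts; static default if no history."""
    if len(history) < 2:
        return default
    return statistics.mean(history) + k * statistics.stdev(history)


def detect(raw, lookup, baseline, whitelist, k=2.0):
    """Return one enriched alert per non-whitelisted user whose failures exceed their threshold."""
    events = enrich(parse_events(raw), lookup)
    failures = Counter(ev["user"] for ev in events if ev["result"] == "failure")
    alerts = []
    for user, count in sorted(failures.items()):
        if user in whitelist:
            continue  # whitelisting: known-benign noisy accounts never raise an alert
        threshold = adaptive_threshold(baseline.get(user, []), k)
        if count > threshold:
            ident = lookup.get(user, {})
            srcs = sorted({ev["src"] for ev in events
                           if ev["user"] == user and ev["result"] == "failure"})
            alerts.append({"user": user, "failures": count,
                           "threshold": round(threshold, 2),
                           "department": ident.get("department", "unknown"),
                           "priority": ident.get("priority", "unknown"),
                           "sources": srcs})
    return alerts


if __name__ == "__main__":
    for alert in detect(RAW_LOGS, load_identity_lookup(IDENTITY_CSV), BASELINE, WHITELIST):
        print(alert)
```

On the constructed data, alice's five failures exceed her own baseline (about 2.52), bob's single failure stays under his, svc_backup's six failures exceed the threshold but are suppressed by the whitelist, and carol, absent from the identity lookup, is alerted against the static default with department and priority marked "unknown", which is the case the lookup-backed enrichment has to handle explicitly.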