Splunk Enterprise Security Reviews

My customers subscribe to many different tools, like CrowdStrike. They ingest all that into Splunk and use it as an aggregator to launch their investigations into any threats detected.

The solution has improved our organization by providing a centralized place to start investigations. It allows us to consolidate everything into one place that kicks everything off so we can map it back to at least that Splunk instance.

The solution's most valuable feature is its data modeling. Splunk has data from so many different vendors. Moving all that or normalizing that to the data models allows us to look at one place holistically across all the different inputs.

The one problem Splunk has is writing correlation searches. My analysts are intimidated to write queries to create correlation searches. It would be good if the solution had some kind of copilot to automate or help write correlation searches. Splunk Enterprise Security should include more automation, AI, and machine learning capabilities.

I have been using Splunk Enterprise Security for three to four months.

We haven’t faced any issues with the solution’s stability.

We haven’t faced any scalability issues with Splunk Enterprise Security.

The end-to-end visibility the tool provides is not that big of a deal. They have so many tools that can do that kind of part. Splunk doesn't have to be the one place for total visibility, but at least for visibility when it consolidates on threats.

Splunk has helped improve our organization's ability to ingest and normalize data. The tool pretty much consumes everything that we have. Everything from dozens of different vendor products gets ingested into Splunk. Splunk Enterprise Security is just that one central place where everything goes.

Splunk Enterprise Security has helped speed up our security investigations. Something that requires someone to work on it at the beginning of the day would not take more than 15 minutes with Splunk Enterprise Security.

Overall, I rate the solution an eight out of ten.

Splunk just acts as an extra presentation layer, and we tried it because of the plugins they have to try and get more logs into the environment.

Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize.

Aside from the 5GB limit on the community version, I believe it is the same as ELK. It's a useful tool, and nothing comes to mind right now.

I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part.

Splunk is a stable solution. I am very happy with the stability of Splunk.

Splunk can be scaled to any environment. The way it's designed, it's cloud-ready, and it has a lot of performance, in-built indexing, and performance tuning options. Splunk is easily scalable.

I am happy to report that I've never needed to contact technical support. The README tutorials and the existing forums provide me with practically everything I need. So far, I haven't had to do so. This should be a testament to the solution.

We broaden the scope of IT governance and IT security.

We look at everything from SIEM to network management to endpoint protection, server protection, database protection, and anything else that can aid in visibility, policy enforcement, and monitoring.

Our organization is using a combination of Splunk and Elasticsearch. We get most of what we need from the ELK suite. ELK Stack is usually the primary focus.

ELK has the same inbuilt reports and dashboards that you can customize, but ELK is better for central logging and log aggregation. Once they've all been aggregated, you'll be able to run any kind of queries and APIs to query the logs on ELK and then use Splunk as a presentation layer for the consumers to use.

Security tools, in my opinion, are business tools and should be used by businesses rather than security engineers. I'm experimenting with a hybrid of the two, in which ELK serves as the engine for central logging and Splunk handles the presentation layer and aggregation of additional third-party logs from tools that might be difficult to integrate into ELK.

I would rate Elasticsearch a ten out of ten.

It's a cloud-ready package. It has the same characteristics as ELK. From a deployment standpoint, I don't have any issues with it. The material is freely accessible to anyone who wishes to use it. There is a virtual machine option. You can get a virtual machine by downloading it. The deployment options are simply numerous, and it is up to the implementer.

It wasn't that difficult for me. There are no complaints from me. The material is present, and there are numerous options for deployment. It's relatively simple to go from zero to viewing data with Splunk. ELK is the same way. It is now up to the implementers and their environment to provide you with more data about it.

They could improve their discounts. I think it's a good solution, and it's gaining a lot of traction, maybe they are recouping their R&D costs, Further reductions would be fantastic, and I believe that more and more people would flock to it.

We provide IT consulting services. Our customers occasionally ask us to assist them in locating specific solutions.

I would recommend this solution to others who are interested in using this solution.

I would say the forums and READMEs provide more than enough information about Splunk. Most people struggle because they move too quickly through the implementation process. As long as you follow the guidelines, particularly the specifications for environment requirements and implementation methodology, these solutions should work out of the box.

Splunk is a very good solution, I would rate it a ten out of ten.

I use Splunk for testing purposes. It is used for school research and to learn how to use Splunk. 

Splunk is mainly used for collecting logs and dashboards.

Splunk provides a free version so you can test it before purchasing.  It's better than IBM, in my opinion, because it's an independent entity. IBM, for example, if you want to use EDR, and other features, you must use the features of other companies, such as ServiceNow and Jira.

I am still exploring the features provided in Splunk. As I have not used it for a long time, I don't have a clear vision of it.

As a student, I'd like to see more labs and things for students to test in order to learn.

Having a trial version or more training on Splunk would be helpful.

There is a free version, but it is insufficient for training and learning because it is a little bit difficult to work with, especially if you are a beginner. It's difficult to improve when you're just starting out with logs and SOC. As a result, we require a longer free version.

Splunk is not used in my company. During my internship, I am being taught how to use it at school.

I have been using Splunk for one month.

I did not have any issues with the stability of Splunk. It was quite stable.

There was technical assistance available. When you require assistance, they provide it, they will respond.

We integrate Jira with QRadar which is helpful.

The initial setup was simple because there is available support and tutorials.

I completed the installation with the help of some friends, in the IT department.

I'm only using the free version for the time being.

The cost is reasonable.

Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult.

When compared to QRadar, QRadar, it's simple to pay. 

I did some research for a school project. I needed to compare it to Splunk and a few other tools. As a result, I'm not particularly interested in purchasing them.

I would rate Splunk an eight out of ten.

We are using Splunk for querying data from different sources.

Splunk has machine learning which is a valuable feature.

The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use.

I have used Splunk within the past 12 months.

Splunk is a stable solution.

We have contacted the support and most of the reasons we have contact support has been project-related. For example, we want the APAs to work in a certain way or for certain fixes.

I have been using Splunk for approximately 

We primarily use the solution for log management and security purposes.

The log management is great.

It has a very good alert tool that you can create with the logs that Splunk gets.

You can check up on security from the dashboards. We use some custom applications which we have created by ourselves. It's very helpful to have custom dashboards with knowledge of the system of what we monitor.

The initial setup is simple. 

We have found the solution to be stable.

Its scalability is quite good.

Right now, everything is good. I don't really have notes for aspects of improvement. 

There can be a bit of complexity around some fields during the initial setup. There are some places where you have to use regular expressions to parse logs. The part of parsing logs correctly is the most, let's say, difficult thing, and when this is done, all of the other things are easier. Anyway, the regex part is a very good feature and in my opinion, it should stay like it is, because it gives a lot of flexibility. Customers may learn to use it or use technical support.

The cost of the solution is a little bit high.

I've used the solution since 2016. I've used it for around six years at this point.

In terms of stability, it's reliable. There aren't bugs or glitches. it works well. It doesn't crash or freeze. 

The solution is scalable. If a company needs to expand it, it can do so.

We have a technical support contract.  

For the most part, we can do it probably ourselves. When technical support helps us, however, everything goes pretty smoothly. We are quite satisfied with them. We typically get immediate support and assistance.

The ease or difficulty of the initial setup depends on the infrastructure of the organization. However, when we have installed it, it was pretty simple. That said, there are some fields that are complex, and for this, we have support.

We did get support to assist us with a few complex fields.

We pay a yearly license. You do need to set up a contract for technical support.

While I don't have details about the exact pricing, my understanding is that it can be a bit expensive. 

We are a customer and an end-user.

I would rate the solution at a nine out of ten. We've been very happy with its capabilities in general. 

The only downside is the pricing. If the price would be lower, you would have the possibility to buy more capacity for parsing logs per day. In Splunk, you have a daily limit of logs that will be parsed. If you place that limit several times, the Splunk license will be blocked and you have to talk with support to get a recovery license. With the capacity, you can include, let's say, 30 servers, but if you want to include another 20 servers, you have to buy an additional license, which is very costly.

That said, for medium and large enterprise businesses it's really necessary to have. Even in smaller businesses, it is good to have. It's just the price that would stop small businesses from taking it on. 

If a small business has less than 500 MB logs/day, they may use a splunk free license.

The project we are working on with Splunk is short as the customer has given us two months to implement. My company is a Splunk partner.

Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later.

I would like Splunk to add more integration. QRadar has many indications with more products than Splunk.

I have been working with Splunk for three months.

Splunk is quite good if you want to scale it.

My client has some pain points with QRadar and does not feel the kilogram function is accurate. Other features do not match with the customer behavior as well. They want to replace QRadar with Splunk because they are familiar with this solution.

The initial setup of Splunk is complex. It requires a lot of equipment and uploads.

My company provides the implementation and maintenance services to our customers.

Splunk licensing requires you to purchase licenses for any feature per user. For example, if you need UEBA, it is difficult to propose in the project. QRadar has a free upcharge for UEBA. Customers cannot calculate the additional costs based on gigabytes per day because they can not forecast the future.

Due to the cost of Splunk, I recommend it for larger companies. Splunk is powerful when sorting huge amounts of data. 

Implementation of Splunk takes preparation. It requires a lot of resources and needs the infrastructure to support the project.

I would rate the solution an 8 out of 10.

The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly.

We had some connections issues with the solution at the beginning.

I have used Splunk within the last 12 months.

Splunk is a highly stable solution.

The scalability is good.

We have approximately 50 users using this solution in my organization.

I am satisfied with the support from Splunk.

We were previously using Excel.

We used a consultant for the implementation of the solution. The full process took approximately one week.

We had a big problem with communication sometimes during the implementation. Some files in our network were a little difficult to receive. This was our fault because of some of our firewall configurations.

We have a five-person maintenance team that works on this solution.

I rate Splunk an eight out of ten.

I need the product for SIEM, Security Identity Event Management. I also need it for security operations, automated response, as well as mapping adjusting of security components as well. It helps us with how best to look at various events, and orchestrate between various different hyper-scalers.

The solution has made us more secure and has allowed for more definable mapping.

The SIEM is the most valuable feature of the product.

Having a better integration method and then ingesting and mapping the information have been somewhat easier than some of the other tools that I've used previously (other than QRadar and Rapid7).

The initial setup is pretty simple.

The solution is scalable.

Stability has been quite good. 

The pricing is pretty decent.

The documentation is in definite need of improvement. 

There are pieces of it that are somewhat just daunting and there should be better orchestration and automation. 

I've done some automation with it, with Terraform, and also with some other sources. If it wasn't so proprietary, that would be ideal.

I'd like to have it so that Splunk integrates better with Terraform and Python.

I've used the solution for eight years. I've used it for quite a while. 

Splunk is probably the best brand in terms of stability. I'd rate its reliability at a four out of five. There aren't bugs or glitches. It doesn't crash or freeze.

The scalability is great. I'd give it a score of four out of five. If a company needs to expand, it can do so. 

We have 450 people in our organization that use the product. We've also done this for clients that needed access for over 200,000 people.

We use the solution extensively and likely will increase usage.

The support is okay, however, there are a couple of things that they couldn't figure out and they couldn't help me with automation or stuff like that. It could have been better from there, however, it's not that bad. 

I've previously used QRadar and it wasn't ideal.

There were certain times I integrated with other solutions too.

The initial implementation is pretty simple and straightforward. It's not too complex. I'd rate the experience at an eight out of ten.

The initial deployment took us about two weeks or so.

The amount of personnel you need for deployment and maintenance tasks depends on the size of the deployment. Typically, it's just one or two people. That said, it needs to be proportionate to certain sizes. Usually, the staff is from procurement or provisioning.

I handled the implementation myself. I didn't need any outside assistance from any integrators. I'm a consultant myself.  

We've seen quite extensive ROI, however, it's more of a qualitative assessment and I don't have numbers to share. It works well and customers are happy. That's what counts. 

It's a little bit more expensive than some of the other tools. It's not as expensive as QRadar. That said, it's more expensive than LogRhythm or Sentinel.

There aren't really other fees beyond the standard costs of licensing. 

I evaluated other things. I also integrated with other solutions too. I decided to go with Splunk due to the fact that it worked well.

I'm a consultant. I'm also a customer and use it myself. 

We use multiple deployment models, including public and private clouds. 

We typically use the latest version of the solution. 

I'd advise potential new users to get a proper plan. They should have a good partner or someone that can help them and quickly map and orchestrate.

I'd rate the solution at a ten out of ten.